User segmentation
User segmentation ensures complete separation of user data across brands, regions, or business units through isolated identity pools and flexible directory integration. Each segment operates independently while maintaining security boundaries and compliance requirements.
💡 Why this matters
You protect brand integrity and meet regulatory requirements by ensuring users from one brand or region cannot access or see data from another segment.
Key capabilities
- Isolated identity pools – Complete user data separation with no cross-segment visibility
- Flexible directory models – Connect different identity sources per segment (AD, cloud IdPs, databases)
- Independent user stores – Separate user directories with distinct schemas and attributes
- Cross-segment prevention – Technical controls prevent accidental or malicious cross-access
- Compliance boundaries – Meet regulatory requirements for data separation by region or industry
Outcomes
Organizations that implement user segmentation typically achieve:
- Complete data privacy with no cross-brand or cross-region user visibility
- Regulatory compliance through enforced data boundaries and audit trails
- Brand protection by preventing user confusion or unauthorized access
Design principles
- Design clear segmentation rules based on business, regulatory, or geographic requirements
- Implement defense-in-depth isolation at multiple system layers
- Plan for user migration scenarios while maintaining security boundaries
- Ensure audit capabilities track access patterns within and across segments
Where to configure
Use these guides to implement user segmentation:
Compliance note
User segmentation supports regulatory compliance by providing technical controls that enforce data separation requirements, maintain audit trails, and prevent unauthorized cross-segment access.
FAQ
Can users exist in multiple segments?
No. Users belong to a single segment to ensure complete data separation and prevent cross-brand access or confusion.
How is user data kept separate between segments?
Each segment uses isolated identity pools with separate user directories, ensuring no technical possibility of cross-segment data access.
Can segments use different user attributes or schemas?
Yes. Each segment can define its own user attributes, schemas, and data requirements based on brand or regional needs.
What happens if users try to access the wrong brand?
Users attempting to access segments they don't belong to are denied access, with no visibility into other segments' existence or data.
How does this support regulatory compliance?
User segmentation provides technical enforcement of data separation requirements and comprehensive audit trails, and prevents cross-jurisdictional data access.