User populations

Separate user groups with different authentication methods, access permissions, and management needs.

💡 Why this matters
Prevents privilege escalation, simplifies compliance auditing, and enables delegated administration for different user types.

What are user populations

User populations organize users into distinct groups with separate:

• Authentication methods (SSO, social login, username/password)
• User attributes and password policies
• Access permissions to applications
• Delegated administrators

Common examples: Employees use corporate SSO, customers use social login, partners use partner federation.

User populations vs. suborganizations

Need	Use User Population	Use Suborganization
Same organization, different access	✅	❌
Separate legal entities	❌	✅
Shared compliance requirements	✅	❌
Independent IT management	❌	✅

Key capabilities

Separate authentication

Each population can use different identity providers:

Population	Authentication method	Example
Employees	Corporate SSO	Azure AD, Okta
Customers	Social + self-registration	Google, Facebook
Partners	Partner federation	Partner's SSO system

Unique identifiers

• Same email can exist in multiple populations
• Users are unique within their population only
• Prevents conflicts between user groups

Delegated management

Assign population managers with limited administrative rights:

Manager type	Can do	Cannot do
User manager	Add/remove users, reset passwords	Change authentication settings
Population admin	All user management, basic settings	Cross-population access, security policies

Access control

Control which applications each population can access:

Application type	Employees	Customers	Partners
Internal tools	✅	❌	❌
Customer portal	Support view	✅	❌
Partner portal	Admin view	❌	✅

⚠️ Security note
Each population inherits organization security policies but can have additional restrictions