User Data Model

Cakewalk’s User Directory is the single source of truth for every identity in your SaaS ecosystem. This page explains how users are represented, what metadata is stored, their governance status.

📖 Key Concepts

Every user record in Cakewalk has four core attributes:

Source: Where the identity came from (HRIS, IDP, Integration, Manual)
Category: The type of user (Employee, Contractor, Service Account)
Role: What permissions they have within Cakewalk
Status: Whether the identity is actively governed

Together, these define how Cakewalk manages, displays and governs the identity.

📂 User Fields

Field

Description

Examples

Primary Email

Unique identifier for the user (always included in aliases list).

[email protected]

Aliases

Additional email addresses linked to this user.

[email protected], [email protected]

Source

Origin of the user record (see below).

HRIS, IDP, Integration, Manual

Status

Governance state (see below).

Active, Discovered, Ignored, , Onboarding, Invited,

Category

Classification of the user (see below).

Employee, Contractor, Service Account

Role

Permissions level inside Cakewalk (see here).

General Manager, Admin, User

App Accesses

List of accounts discovered for this user across connected applications.

Slack, GitHub, Notion, ChatGPT, etc.

Department

The department, function or business unit the user belongs to.

Engineering, Sales, Finance

Manager

The user’s direct manager (used in request and approval workflows).

[email protected]

🌐 User Sources

Each user has a Source that indicates where they were first discovered or synced from:

Source

Description

Example

HRIS

Synced from your system of record (e.g. BambooHR).

Jane exists in BambooHR → synced to Cakewalk

IdP

Synced from your identity provider (e.g. Okta, Entra, Google Workspace).

John added to Okta → synced to Cakewalk

Integration (coming soon)

Discovered via a SaaS app integration.

GitHub user not found in HRIS/IDP but synced to Cakewalk

Manual

Created manually in Cakewalk.

Admin creates a user manually who is not part of the HRIS or IdP

👥 User Categories

Each user in Cakewalk is assigned a Category that classifies the type of user:

🚦 User Statuses

Statuses control whether users are governed, visible and able to take action.

Status

Can Submit Request?

Can Access Cakewalk?

Included in Access Reviews?

Discovered

Found in integration but not linked to a Cakewalk user or invited yet.

❌ No

Invited

User is invited to Cakewalk but still needs accept it to turn active.

❌ No

✅ Yes

Active

Fully governed user with valid role.

✅ Yes

Ignored

Explicitly excluded from governance.

❌ No

Offboarding

Offboarding for the user has begun and they only have limited access to Cakewalk.

❌ No

✅ Yes

❌ No

Deactivated

Completely offboarded users, retaining request logs for audit purposes.

❌ No

Example: Discovered → Active

Cakewalk syncs from GitHub and finds [email protected].
Alex does not exist in HRIS/IDP → marked Discovered.
Admin confirms Alex is a contractor → sets status to Active, assigns role User.
Alex is now included in access reviews and can request apps.

🔄 Status Transitions

Admins can manually transition users between statuses. Common transitions include:

Discovered → Active (onboard a previously unmanaged user)
Discovered → Ignored (suppress irrelevant identities)
Active → Offboarding (start deprovisioning workflow)

PreviousData Models NextApp Data Model

Last updated 24 days ago

Was this helpful?