How Data Liberator Integrates with Your Identity Systems
Here's a common problem: You find a great new platform. It looks perfect. Then you ask, "How does it handle authentication?" And they say, "We have our own user database."
Now you're managing another set of users. Another password policy. Another security audit. Another system to keep synchronized when people join, leave, or change roles.
Data Liberator doesn't work that way.
Liberator integrates with your existing identity infrastructure through standard enterprise authentication protocols. We support:
This means Data Liberator works seamlessly with identity providers you already use:
When a user accesses Data Liberator:
The key insight: Liberator never stores or manages passwords. Your identity provider does what it's designed to do, and Liberator trusts its decisions.
Authentication tells us who you are. Authorization tells us what you can do. Data Liberator handles this through:
Role-Based Access Control (RBAC):
Fine-Grained Dataset Entitlements
Authentication tells Liberator who you are. Authorization tells it what you can do. And "what you can do" isn't just yes or no.
Most platforms treat dataset access as a toggle. You're in or you're out. Real data governance is messier than that. One team needs the full history of a dataset, another only needs the last twelve months. An analyst can query any record but only 10,000 rows a day. An AI agent gets specific columns, a specific time window, and nothing else.
Liberator handles all of that.
Entitlements go deeper than access. Every grant can be scoped by:
Date ranges — limit access to specific historical windows
Record filters — restrict which values a user can query, with regex patterns for flexibility
Columns — expose full detail to one group, a redacted view to another
Usage limits — queries, rows, or distinct values per month
Systems — UI, API, AI agent, specific integrations
Groups handle scale. Organize users into teams and datasets into bundles. Grant a team access to a dataset bundle, and every person inherits every dataset in one operation. New hire? Add them to the group. New dataset in the bundle? Everyone's already entitled.
Time-bounded by default. Every rule has a start and end timestamp. Contractor access expires on their last day. Trial data sunsets automatically. Vendor entitlements end when the contract does. Nothing to remember, nothing to revoke.
Deactivation clears entitlements. When a user is deactivated, their direct dataset grants are wiped. If they come back — new role, rehire, returning contractor — they're re-entitled explicitly rather than silently inheriting old access. Small design choice, big audit story.
This is what makes the AI integration safe. When Claude queries Liberator on behalf of a user, it inherits that user's entitlements exactly — dates, filters, columns, quotas, everything. The AI can't ask for data that the user can't see. It can't exceed the user's limits. It operates inside the same fences your users already live inside.
You're not granting AI a broad service account and hoping for the best. You're letting AI work within the permissions you already defined.
When someone leaves your organization, you disable their account in one place—your identity provider. They immediately lose access to Liberator along with every other system. No separate user databases to remember.
Every query includes:
You get complete audit trails for compliance requirements (SOC 2, HIPAA, GDPR). And because authentication goes through your identity provider, you leverage their existing logging and monitoring.
If your identity provider requires MFA, Liberator respects it. We don't bypass or weaken your existing security policies—we inherit them.
Remember the MCP integration we discussed in Part 2? When Claude queries your data through Liberator, it does so as the authenticated user.
This means:
This is crucial. You're not giving AI special access to your data. You're letting AI operate on behalf of authenticated users with exactly the permissions those users have.
Security isn't an afterthought with Data Liberator. It's designed from the ground up to integrate with enterprise identity systems because that's the only way to do it right.
You don't change how you manage users. You don't relax security policies. You don't create exceptions. Liberator fits into your existing security infrastructure seamlessly.
And when your security team asks, "How does this new data platform handle authentication?" you can say: "The same way everything else does—through our identity provider."
Book a demo with CloudQuant to see how Data Liberator fits into the infrastructure you already have.