Plasmic usage with own Strapi and custom auth provider

cosmic_coyote · August 16, 2023, 7:51pm

Hello!

Thanks a lot for your great work and the amazing product!

We are currently looking into your product and consider using Plasmic for a new SaaS.
It’s critical for us, that all data of our customer are on servers managed by us. That’s why we consider using an own Strapi instance as headless CMS. Also we already have a SSO provider in place and we would have to integrate a custom auth provider in Plasmic described here:
https://docs.plasmic.app/learn/auth-integration/#custom-auth-provider
Unfortunately it seems that via the auth-api all email addresses of the users will be sent to https://data.plasmic.app and have to be “mirrored” there.

Is there any way to avoid this?
Also it would be super interesting regarding data privacy, how you measure the page-views? Can this data be combined with individual user data?

Thanks a lot!

fmota · August 17, 2023, 5:17pm

Hi Marinus, you can provide obfuscated emails, we use the email as the identifier of the user, but if you are able to map your private emails to a formatted email that is non sensitive, you can then use it. But in the permissions tab https://docs.plasmic.app/learn/auth/#restricting-who-can-log-in you would have to be able to describe the roles of the users in your app by using the emails that you sent to the auth-api.

The page-views are currently not being enforced, but we do not collect individual user data.

cosmic_coyote · August 22, 2023, 10:23am

Hi Felipe!

Thank you very much for your answer! We will consider to obfuscate the emails then!