title: Destination Actions

The Destination Actions framework improves on classic destinations by enabling you to see and control how Segment sends the event data it receives from your sources, to actions-based destinations. Each Action in a destination lists the event data it requires, and the event data that is optional.

You can also choose which event types, event names, or event property values trigger an Action. These Triggers and mappings make it possible to send different versions of the Action, depending on the context from which it is triggered.

title: Comparing Data Lakes and Warehouses

As Segment builds new data storage products, each product evolves from prior products to best support the needs of customers. Segment Data Lakes is an evolution of the Warehouses product that meets the changing needs of customers.

hidden: true

title: Configure the Data Lakes AWS Environment

The instructions below will guide you through the process required to configure the environment required to begin loading data into your Segment Data Lake. For a more automated process, see [Set Up Segment Data Lakes](/docs/connections/storage/catalog/data-lakes).

title: Segment Data Lakes Overview

redirect_from: '/connections/destinations/catalog/data-lakes/'

title: Lake Formation

Lake Formation is a fully managed service built on top of the AWS Glue Data Catalog that provides one central set of tools to build and manage a Data Lake. These tools help import, catalog, transform, and deduplicate data, as well as provide strategies to optimize data storage and security. To learn more about Lake Formation features, see [Amazon Web Services documentation](https://aws.amazon.com/lake-formation/features/){:target="_blank"}.

The security policies in Lake Formation use two layers of permissions: each resource is protected by Lake Formation permissions (which control access to Data Catalog resources and S3 locations) and IAM permissions (which control access to Lake Formation and AWS Glue API resources). When any user or role reads or writes to a resource, that action must pass a both a Lake Formation and an IAM resource check: for example, a user trying to create a new table in the Data Catalog may have Lake Formation access to the Data Catalog, but if they don't have the correct Glue API permissions, they will be unable to create the table.

title: Data Lakes Sync History and Health

The Segment Data Lakes sync history and health tabs generate real-time information about data syncs so you can monitor the health and performance of your data lakes. These tools provide monitoring and debugging capabilities within the Data Lakes UI, so you can identify and proactively address data sync or data pipeline failures.

title: Data Lakes Sync Reports and Errors

Segment Data Lakes generates reports with operational metrics about each sync to your data lake so you can monitor sync performance. These sync reports are stored in your S3 bucket and Glue Data Catalog. This means you have access to the raw data, so you can query it to answer questions and set up alerting and monitoring tools.

title: Data Warehouses

redirect_from: '/connections/warehouses/'

{% include content/whats-a-warehouse.md %}

title: Replay

Replay takes an archived copy of your Segment data, and re-sends it to new or existing tools.

On the surface this doesn't sound like much, but this can grant huge benefits to mature data systems: By archiving and replaying data, you can avoid vendor lock-in, and protect your system against data loss.

title: Privacy Controls & Alerts

The Privacy Portal gives you control over whether specific data is allowed to

enter Segment.

title: Privacy Portal

When preparing for new privacy regulations (like HIPAA, the GDPR, or the CCPA), the

best practice is to create a comprehensive data inventory which includes details

title: 'Anomaly Detection'

If you're using Protocols, you might want to get notifications when an anomaly in event volumes or [Protocols violation](/docs/protocols/validate/forward-violations/) counts occurs. This document clarifies what we mean by anomaly detection, gives examples of anomalies that might be relevant to your business, and provides some example solutions of how to monitor and alert on anomalies using some standard tools available today.

title: 'Protocols: APIs and Extensions'

Built from the ground up, Protocols addresses a wide range of customer needs.

With Protocols, you can help engineers reduce tracking errors, create issue notifications, and get the most out of your Tracking Plan. Below, learn about several Protocols resources that can help you address these and other common use cases.

title: Forward blocked events

If you're concerned about permanently discarding blocked events, you can enable blocked event forwarding on a Segment Source. To set up forwarding, navigate to the settings tab of the Source, then Schema Configuration.

title: Customize your schema controls

redirect_from: '/protocols/enforce/'

The Schema Configuration settings for each source can be used to selectively block events, or omit properties and traits from `.track()`, `.identify()` and `.group()` calls. Segment can permanently drop events that are not included in your Tracking Plan, depending on the settings you select. Segment can also block events with invalid properties or invalid property values.

title: Protocols Frequently Asked Questions

title: Tracking Plan Libraries

Tracking Plan Libraries make it easy to scale Tracking Plan creation within your workspace. You can create libraries for track events or track event properties. Editing Tracking Plan Libraries is identical to [editing Tracking Plans](/docs/protocols/tracking-plan/create/).

title: Use Transformations to fix bad data

redirect_from: '/protocols/transformations/'

With Transformations, you can change data as it flows through Segment to either correct bad data or customize data for a specific destination. Change event and property names to align events with your Tracking Plan, or to conform to a destination-specific requirement. For example, you can create a Transformation to change an event name from `completed_order` to `Order Completed` to conform to [Segment's ecommerce spec](/docs/connections/spec/ecommerce/v2/#order-completed).

title: Connect a Tracking Plan

redirect_from: '/protocols/validate/'

With your Tracking Plan complete, it's time to apply the Tracking Plan to one or more Sources. Select **Connect Source** from the right hand menu for your specific Tracking Plan.


title: Forward Violations

You can forward Violations (data that does not conform to your Protocols tracking plan) to a Segment Source to enable custom notifications, dashboards and further analysis in any Segment destination that accepts cloud-mode data.

To set up forwarding, navigate to the settings tab of the Source, then Schema Configuration. Select the source you'll forward events to from the Forwarding Settings Violations dropdown. Similar to [Blocked Event forwarding](/docs/protocols/enforce/forward-blocked-events/), Segment recommends that you create a new Source for violations.

title: Review and Resolve Event Violations

Upon connecting your Tracking Plan to a Source, you will be able to view violations grouped by event. To view violations, click on the Violations button located on the Schema tab in a Source. A filter can be applied to only show events with violations within the past 24 hrs, 7 days and 30 days.

title: Access Management Concepts

title: Identity & Access Management Overview

redirect_from: '/segment-app/iam/add-a-team-member/'

Segment's access management tools let workspace owners manage which users can access different parts of their Segment workspaces.

The Access Management page has three tabs: [Users (team members)](/docs/segment-app/iam/concepts/#team-members), [User Groups](/docs/segment-app/iam/concepts/#user-groups), and [Tokens](/docs/segment-app/iam/concepts/#tokens). You can select a user in the table to see their [roles](/docs/segment-app/iam/roles).

title: Using Label-Based Access Control

Labels allow workspace owners to assign permissions to users to grant them access to groups. Groups represent collections of Sources, or collections of Spaces.

title: Manage Workspace Access

redirect_from: '/segment-app/iam/groups/'

This page explains how to add [Team Members](/docs/segment-app/iam/concepts/#team-members) and [User Groups](/docs/segment-app/iam/concepts/#user-groups) to your team's workspace, how to assign them [roles](/docs/segment-app/iam/roles), and how to remove them.

title: Multi-Factor Authentication (MFA)

Multi-factor Authentication (MFA) provides an additional layer of security when logging into your Segment account. When MFA is enabled, users must enter their username and password, and a one-time use code. Users can either enable MFA for their own account, or workspace owners can require that all users in a workspace use MFA. These security settings are available in the workspace from the "Advanced Settings" section.

title: "System for Cross-domain Identity Management (SCIM) Configuration Guide"

The SCIM specification is designed to make managing user identities in cloud-based applications like Segment easier. SCIM allows your Identity Provider (IdP) to manage users and groups within your Segment workspace.

Most IdPs offer SCIM, and it complements SAML. You can think of SAML as a way for your employees to authenticate and SCIM as a way to make sure they have the appropriate permissions.

title: "Single Sign On team management"

Segment supports Single Sign On for Business Tier accounts. You can use any SAML-based Identity Provider (IdP), for example Okta, Bitium, OneLogin, or Centrify, or use GSuite to serve as your identity provider, delegating access to the application based on rules you create in your central identity management solution.