Note: All of the following options are set using the Console UI
The Authentication Providers page allows admins to create or update providers.
Authentication providers, such as LDAP, Google Auth, and local auth, are used to authenticate user login credentials. Each of the providers are explained in detail within the Plugins documentation.
To create a new provider service, click “Add a Directory Service” to open the Creation drawer. Enter information as required and click “Add Service”. The process is further explained for each additional provider in the Plugins documentation.
The Groups page allows admins to create or delete groups. Groups allow permissions to be set for multiple users at once, instead of assigning permissions on a per-user basis for each node or folder.
To create a new group, click the “Create a New Group” button to open the Creation drawer. Enter the name of the group and select users you would like to be members (a user can belong to multiple groups).
Features
Groups can have certain UI features enabled or restricted throughout the Console. Currently supported features are:
Infrastructure/Client Installation
page.The Groups page also allows Users to be added or removed from Groups.
The Users page allows admins to manage all user accounts found in the Console. To create a new user, click the “Create a New User” button to open the User Creation drawer. Enter the required information and click “Create User”.
Features
Users may have certain UI features enabled or restricted throughout the console. Currently supported features are:
Infrastructure/Client Installation
page.This User will now be able to log into the Console using the given username and password.
The Roles page allows admins to define specific capabilities for a user or group. For instance, the Admin role has access to all operations by default and would be able to take any action on the Console. This includes creating, deleting, updating, and viewing nodes.
To create a new role, click the “Create a new Role” button to open the creation drawer. Enter the name of the Role and configure the object type and desired operations.
Features
Roles can have certain UI features enabled or restricted throughout the Console. Currently supported UI features are:
Scan Triggering – When assigned this Role on a node, Users and Groups will be able to trigger scans using “Scan Now” or “ Schedule Scan”
Enforcement Triggering - When assigned this Role on a node, Users and Groups will be able to fix findings using the “Remediate” button.
There are six levels of Operations configurable under “Add Permission”:
\*
- all operationsREAD
- display information on the node (endpoint, folder, or server)UPDATE
- make changes to a node like its parent and other permissionsDELETE
- delete the nodeLIST
- display the children of the nodeCREATE
- create new foldersThe Roles page is also able to update Roles by adding or removing permissions using the “Edit Role” drawer.