Create User Group
You can add a user group and configure permissions to give access to specific features.
Before you Start
Ensure you have Create/Update permissions for User Group Management.
Steps
To add a user group, follow these steps:
Go to Admin Panel > User Group Management.
Click Add Group.
Enter the following details:
Group Name: Enter a name for the user group.
Description: Enter a description for the user group.
SAML Group Mapping: To onboard new users and authorize SAML-authenticated users upon every login, you can map SAMP IdP groups with Cyware application's user groups. If an exact match for the group name is found, then the users are granted access and permissions within the application, as defined by the external identity provider (SAML user group) and the application's access permissions. If no user groups are configured, the default user group from the SAML authentication configuration will be automatically used. To configure the group attribute and default user groups, see Configure SAML 2.0 as the Authentication Method.
Enter the SAML user group name. You can add multiple user groups as a comma-separated list. The SAML Group Mapping field is pre-filled based on your user group's name. However, you can modify SAML group names to match your IdP provider group names.
When you map multiple user groups to a Cyware application's user group, the SAML assertion will verify all the group permissions and provide consolidated access to the features.
When adding both read-only and non-read-only groups, the application gives precedence to the non-read-only group and assigns permissions based on that group's settings.
Rate: Enter a rate for the user group between 1 and 999999. This is used to calculate the average cost of an incident and action, cost per incident type, the average cost per analyst, and the average cost per business unit.
Note
You can configure the cost model frequency and currency to calculate the cost under Admin Panel > Configurations > Basic Configuration > Cost Configurations. For more information, see Configure General Settings.
Users: Select the users that you want to add to the user group.
Orchestrate Playbook Tags: Select the Orchestrate Playbook tags to allow the users to access the Playbooks.
Note
To configure Orchestrate Playbook Tags, you must integrate and enable Orchestrate with CFTR. For more information, see Integrate Orchestrate.
Permissions: Turn on the View and Create/Update toggles to configure the permission to various features.
Note
By default View permission for some features is enabled and cannot be modified. For example, Business Units, Dashboards, Labels, Locations, and more.
Click Add.
Deactivate User Group
You can deactivate unused custom user groups and users cannot assign incidents, actions, enhancements, and PIRs to inactive groups.
Note
You cannot deactivate the default user groups, such as SOC Manager, SOC Analyst, and CFTR Admin.
Before you Start
Ensure you reassign the incidents, actions, enhancements, and PIRs to other user groups.
Ensure you remove all users from the user group and assign them to other user groups.
Steps
To deactivate a user group, follow these steps:
Go to Admin Panel >User Management.
Select a user group.
Turn off the Active toggle.
To view the inactivated user groups, select Inactive.
Supported Activities for User Groups
In User Group Management, you can perform the following activities:
Search for a user group.
Search for a module/functionality to view the permission for a user group.
Update the user group details.
View activity logs to track updates to the user groups. You can also search or filter activity logs based on the action, created date, and user.
Export activity logs.