Skip to main content

Cyware Fusion and Threat Response

Create User

To provide user access to Respond, you must add users in User Management. You can use User Management to:

  • Manage user profile details.

  • Assign users to various user groups.

  • Configure Allowed Business Units and Allowed Locations to define user access levels. For more information, see Configure Role-Based Access Control (RBAC) in CFTR.

  • Configure bot users to define the permissions of an open API.

Just-In-Time User Provisioning

You can automatically onboard users using Just-In-Time (JIT) user provisioning, without the need to manually create user accounts. Administrators can automatically create and authenticate users into Respond with Single Sign-On (SSO) through the Security Assertion Markup Language (SAML). To configure SAML, see Configure SAML 2.0 as the Authentication Method.

Before you Start

  • Ensure you have Create/Update permission for User Management.

  • Ensure you have configured an email server to send email invites to new users. For more information, see Configure Email Server.

Steps

To create a user, follow these steps:

  1. Go to Admin > User Management.

  2. Click Add User and enter the following details:

    • First Name: Enter the first name of a user.

    • Last Name: Enter the last name of a user.

    • Username: Enter a unique username for the user. A username is used to assign the Threat Response modules, such as Incidents, Actions, Enhancements, PIRs, and Campaigns, and tag users in comments.

      Note

      The username of a user cannot be modified later.

    • Email ID: Enter the user's email ID. The user will receive an email invite to set the sign-in password, and all email notifications are sent to this email ID. You can edit or update the email ID later in Respond after the user is added. This field supports both uppercase and lowercase letters.

      Note

      If a user does not have a valid email ID, you can set a temporary password in the Password field and provide it to the user to sign in and reset the password.

    • Password: Enter a temporary password to enable new users to sign in to Respond. After signing in, the user will be redirected to update the password to access Respond.

    • Confirm Password: Re-enter the temporary password.

      Note

      To set a temporary password for new users, you must enable Create Password for New Users setting for the Username/Password authentication method.

    • Job Title: Enter the job title of a user.

    • User Groups: Select the user groups to assign a user. You can select either the Read-Only user group or any other user group.

      Note

      If you add a user to the Read-Only user group, the user will be removed from all other groups.

    • User's Location: Select the location of a user.

    • Contact Number: Enter the country code and contact number of a user.

    • User's Business Unit: Select the business unit of a user.

    • Allowed Locations: Select the locations the user is allowed to access. The user will be able to view incidents associated with these locations.

    • Allowed Business Units: Select the business units the user is allowed to access. The user will be able to view incidents associated with these business units.

    • Bot User: Select this option to mark the user as a bot. Any open API using this bot will have the same permissions as the user group the bot belongs to.

  3. Click Add.

An invitation email is sent to the new user to create a password to access Respond.

Import Users

To import users, you must enter the user data as per an XLSX template that is supported by Respond.

To download the import template, follow these steps:

  1. Go to Admin > User Management.

  2. Click Import , select Import XLSX, and select the XLSX file from your system to import users. To download the template, click Preview Template and click Download Template.

Update the template with the user data. You must enter the following data for all users:

  • first_name

  • last_name

  • username

  • email

  • groups

Note

The username and email of all users must be unique.

To upload the XLSX template and import users, do the following:

  1. Go to Admin > User Management.

  2. Click Import and select Import XLSX.

  3. Select the XLSX file that includes the user data and click Upload.

Users are imported in the background. You can track the progress in the Background Process from the top app bar.

Bulk Allocate User Access Controls

You can allocate the user access controls, such as Business Units, Locations, and User Groups, to multiple users at one go. For example, when a new business unit is added, administrators can allocate the business unit to multiple users.

Note

You can allocate the user access controls to the active users only.

To bulk-allocate user access controls to active users, follow these steps:

  1. Go to Admin > User Management.

  2. Select the active users and select a user access control type.

  3. Review the selected users and click Proceed.

  4. Select the allowed business units, allowed locations, or user groups that you want to allocate to the selected users and click Save.

  5. Click Yes, Proceed on the confirmation message.

User details are updated with the newly added access controls in the background. You can track the progress in the Background Process in the top-right corner of the top app bar.

Re-invite User

You can re-invite users to send an email with a password reset link. To re-invite a user, follow these steps:

  1. Go to Admin > User Management and select a user.

  2. Click More next to Edit Profile and select Re-invite.

An email with a password reset link will be sent to the user.

Inactivate User

You can deactivate a user who no longer needs access to the Respond application. You cannot delete a user permanently from Respond. Admins can choose to deactivate a user to suspend the user account temporarily or reactivate the user at any time. Administrators can also reassign existing or new open incidents and incomplete tasks from deactivated users to other active users.

Consider the following points before deactivating a user:

  • The deactivated user remains the owner of any incidents or tasks assigned to them until you reassign them.

  • New incidents cannot be assigned to a deactivated user.

  • The user appears as deactivated in the User Groups tab. As an administrator, you can reassign the tasks of the deactivated user to other users.

  • Saved incident filters containing the deactivated user are not affected.

To deactivate a user, follow these steps:

  1. Go to Admin Panel > User Management.

  2. Search and select a user.

  3. To deactivate a user, turn off the Active toggle.

Supported Activities for Users

You can perform the following activities to manage users:

  • View basic details of a user, such as status, invitation status, username, login IP address, last OS used, and more.

  • Search for a user.

  • Filter users based on Allowed Business Unit, Allowed Location, Invitation Status, User Group, User's Business Unit, and User's Location.

  • Reset password.

  • Update user details.

  • Import users.

  • View activity logs to track the updates.