Skip to main content

Cyware Fusion and Threat Response

Create User

To provide user access to CFTR, administrators must add the users in User Management. You can use User Management to:

  • Manage user profile details.

  • Assign users to various user groups.

  • Configure Allowed Business Units and Allowed Locations to define user access levels. For more information, see Configure Role-Based Access Control (RBAC) in CFTR.

  • Configure bot users to define the permissions of an open API.

Just-In-Time User Provisioning

You can automatically onboard users using Just-In-Time (JIT) user provisioning, without the need to manually create user accounts. With Single Sign-On (SSO) through the Security Assertion Markup Language (SAML), administrators can automatically create and authenticate users into CFTR. To configure SAML, see Configure SAML 2.0 as the Authentication Method.

Before you Start

Ensure that you have:

  • Create/Update permission for User Management to add a user.

  • Configured an email server to send email invites to new users. For more information, see Configure Email Server.

Steps

To add a user, do the following:

  1. Go to Admin Panel > User Management.

  2. Click New User at the top-right.

  3. Enter the following details:

    • First Name: Enter the first name of a user.

    • Last Name: Enter the last name of a user.

    • Username: Enter a unique username for the user. A username is used to assign the Threat Response modules, such as Incidents, Actions, Enhancements, PIRs, and Campaigns, and tag users in comments.

      Note

      The username of a user cannot be modified later.

    • Email ID: Enter the email ID of the user. The user will receive an e-mail invite to set the sign-in password and all e-mail notifications on this e-mail ID. You can add or update the email ID after adding a user in CFTR.

      Note

      If a user does not have a valid email ID, you can set a temporary password in the Password field and provide it to the user to sign in and reset the password.

    • Password: Enter a temporary password to enable new users to sign into CFTR. After signing in, the user will be redirected to update the password to access CFTR.

    • Confirm Password: Re-enter the temporary password.

      Note

      To set a temporary password for new users, you must enable Create Password for New Users setting for the Username/Password authentication method.

    • Job Title: Enter the Job title of a user.

    • User Groups: Select the user groups to assign a user. You can either select the Read-Only user group or other user groups.

      Note

      If you add a user to the Read-Only user group, the user will be removed from all other groups.

    • User's Location: Select the location of a user.

    • Contact Number: Enter the country code and contact number of a user.

    • User's Business Unit: Select the business unit of a user.

    • Allowed Locations: Select the allowed locations of a user. The user can access the incidents of the allowed locations.

    • Allowed Business Units: Select the allowed business units of a user. The user can access the incidents of the allowed business units.

    • Bot User: Select this option to mark a user as a bot user. A bot user is used to define the permissions of an open API. An open API has the same permissions as the user group of the associated bot user.

  4. Click Add.

An invitation e-mail is sent to the new user to create a password to access CFTR.

Import Users

To import users, you must enter the user data as per an XLSX template that is supported by CFTR.

To download the import template, do the following:

  1. Go to Admin Panel > User Management.

  2. Click Import on the top-right corner and download the template.

Update the template with the user data. You must enter the following data for all users:

  • first_name

  • last_name

  • username

  • email

  • groups

Note

The username and email of all users must be unique.

To upload the XLSX template and import users, do the following:

  1. Go to Admin Panel > User Management.

  2. Click Import on the top-right corner and select Import XLSX.

  3. Select the XLSX file that includes the user data and click Upload.

Users are imported in the background. You can track the progress in the Background Process from the top app bar.

Bulk Allocate User Access Controls

You can allocate the user access controls, such as Business Units, Locations, and User Groups, to multiple users at one go. For example, when a new business unit is added, administrators can allocate the business unit to multiple users.

Note

You can allocate the user access controls to the active users only.

To bulk allocate user access controls to active users, do the following:

  1. Go to Admin Panel > User Management.

  2. Select the active users on the left and select a user access control type.

  3. Review the selected users and click Proceed.

  4. Select the allowed business units, allowed locations, or user groups that you want to allocate to the selected users and click Save.

  5. Click Yes, Proceed on the confirmation message.

User details are updated with the newly added access controls in the background. You can track the progress in the Background Process in the top-right corner of the top app bar.

Re-invite User

You can re-invite users to send an email with a password reset link. To reinvite a user, do the following:

  1. Go to Admin Panel > User Management and select a user.

  2. Click More next to Edit Profile and select Re-invite.

Inactivate User

You cannot delete a user in CFTR, whereas you can deactivate a user who no longer needs access to the CFTR application. Admins can choose to Deactivate a user to suspend the user account temporarily or reactivate the user at any time. Administrators can also reassign existing or new open incidents and incomplete tasks from deactivated users to other active users.

Consider the following points when before deactivating a user:

  • The deactivated user remains to be the owner of any incidents or tasks assigned to them until you reassign them.

  • New incidents cannot be assigned to a deactivated user.

  • The user appears as deactivated in the User Groups tab. As an administrator, you can reassign tasks to other users as a replacement for the deactivated users.

  • Saved incident filters containing the deactivated user are not affected.

To deactivate a user, do the following:

  1. Go to Admin Panel > User Management.

  2. Search and select a user.

  3. Disable the Active toggle to deactivate a user.

Supported Activities for Users

You can perform the following activities to manage users:

  • View basic details of a user, such as status, invitation status, username, login IP address, last OS used, and more.

  • Search for a user.

  • Filter users based on Allowed Business Unit, Allowed Location, Invitation Status, User Group, User's Business Unit, and User's Location.

  • Reset password.

  • Update user details.

  • Import users.

  • View activity logs to track the updates.