Create User Group
You can create custom user groups to categorize users based on roles and assign specific permissions to access the Orchestrate features.
Before you Start
Ensure that you have the View and Create & Update User Groups permission.
Steps
To create a custom user group, follow these steps:
Go to Admin Panel > User Group Management.
Click Add User Group, and enter the following details:
Title: Enter a unique title within 50 characters for the user group. For example, Security Operations Team.
Description: Enter a description that describes the key functions of the user group.
Read-Only User Group: Turn on the toggle to create a user group with restricted permissions. After a read-only user group has been created, it cannot be modified to a non-read-only user group.
User(s): Select users to add to this user group. Adding a read-only user to a non-read-only user group removes their previous permissions and grants them the permissions of the corresponding user group. Assigning a non-read-only user to a read-only group revokes their previous permissions and assigns read-only permissions. For more information about the user group permission set, see User Groups Permission Set.
Workspace: Select one or more workspaces if a workspace is enabled in your instance. Users in this group are assigned permissions specific to the group, allowing interaction with various features, including playbooks and apps, within the selected workspace. For more information about the workspace, see Workspaces.
SAML User Group: To onboard new users and authorize SAML-authenticated users upon login, link SAML IdP groups with user groups in the Cyware application. When an exact match for the group name is found, users gain access and permissions within the application, as defined by the external identity provider (SAML user group) and the application's access permissions. If no user groups are configured, the system automatically assigns the default user group from the SAML authentication configuration. To configure the group attribute and default user groups, see Configure SAML 2.0 as the Authentication Method.
Enter the SAML user group name. You can add multiple user groups as a comma-separated list.
Assigning multiple SAML IdP user groups to a Cyware application user group allows the SAML assertion to check all group names and combine permissions from each assigned group. These permissions are then consolidated to grant access to corresponding features.
Status: Turn on the toggle to set the group's status to active. You can only add users to the active user group. By default, this toggle is turned on.
Note
You cannot set a group's status to inactive with active users. To set a user group inactive, you must remove all the existing users and then set it to inactive.
Select one or more permissions to assign the user group. By default, view permissions for the dashboard, run logs, console status, and audit logs are enabled. You can turn on the Enable All toggle to enable all permissions.
Click Create.
You can view the created user group details in User Group Management such as user group name, group's status, created by, and count of users of the user group.
Create Custom Read-Only User Group
You can create a custom read-only user group with additional view permissions. However, create and update permissions are restricted.
Note
Your license includes a specific limit for creating read-only users.
Before you Start
Ensure that you have the View and Create & Update User Groups permission.
Steps
To create a custom read-only user group, follow these steps:
Go to Admin Panel > User Group Management.
Click Add User Group, and enter the following details:
Title: Enter a unique title within 50 characters. For example, Security Operations Observations Team.
Description: Enter a description that describes the key functions of the user group.
Read-only User Group: Turn on the toggle to create a read-only user group.
User(s): Select users to add to this user group. Adding a read-only user to a write-enabled user group removes their previous permissions and grants them the permissions of the corresponding user group. Assigning a write-enabled user to a read-only group revokes their previous permissions and assigns read-only permissions. For more information about the user group permission set, see User Groups Permission Set.
Workspace: Select one or more workspaces if a workspace is enabled in your instance. Users in this group are assigned permissions specific to the group, allowing interaction with various features, including playbooks and apps, within the selected workspace. For more information about the workspace, see Workspaces.
SAML Group Name: To onboard new users and authorize SAML-authenticated users upon login, link SAML IdP groups with user groups in the Cyware application. When an exact match for the group name is found, users gain access and permissions within the application, as defined by the external identity provider (SAML user group) and the application's access permissions. If no user groups are configured, the system automatically assigns the default user group from the SAML authentication configuration. To configure the group attribute and default user groups, see Configure SAML 2.0 as the Authentication Method.
Enter the SAML user group name. You can add multiple user groups as a comma-separated list.
Assigning multiple SAML IdP user groups to a Cyware application user group allows the SAML assertion to check all group names and combine permissions from each assigned group. These permissions are then consolidated to grant access to corresponding features.
Status: Turn on the toggle to set the group's status to active. You can only add users to the active user group. By default, this toggle is turned on.
Note
You cannot set the status of the group to inactive with active users. To set a user group inactive, you must remove all the existing users and then set it to inactive.
Select one or more permissions to assign the user group. By default Enable All toggle is turned on which enables all listed permissions. For more information about permissions, see User Groups Permission Set.
Click on Create.
You can view the created user group details in User Group Management such as user group name, group status, created by, and count of users of the user group.
Manage User Groups
After you add a user group, you can perform the following additional tasks:
To modify the details of the user group click on the ellipsis and select Edit. Click Update to save the updates.
To clone the user group with the same permissions click on the ellipsis and select Clone. You can modify the details of the cloned user group and click Create to create a new user group.
To update a user to a read-only user, select a read-only user group and add the user. This will revoke all the create and update permissions from the user and assign the user with restricted permissions. For more information about user group permissions, see User Groups Permission Set.
To search a user group by title click on Search User Group.
To filter user groups, click on Show Filters. You can filter the user groups by the group name, created range, modified range, status, and permissions. You can sort user groups in ascending or descending order based on their creation and modification dates.
Permissions
You can assign permissions based on roles and user groups, configure permissions according to your requirements, and add users to these groups. The following describes the user group permissions:
By default, the View Permissions are enabled for all features.
Note
In Cyware Orchestrate Admin user group, View User Groups, and Create & Update User Groups permissions are enabled by default and cannot be edited. For non-read-only user groups, View User Groups, and Create & Update User Groups permissions are enabled by default and can be edited.
Turn on the Enable All toggle to allow complete access to all features.
If a feature only has View Permission available, then by default, the entire feature is enabled.
For example, Console Status is enabled by default since only View Console Status permission is available.
The permissions you enable for the Cyware Agent Configuration and Cyware Agent Tasks features can only be accessed from the Cyware Agent using Open APIs.