DivvyCloud

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

Identity Management

Overview

Identity Management provides an interface for managing admins, users, and permissions. This functionality is available in DivvyCloud under "Administration" --> "Identity Management" from the main navigation.

Note: Permissions will impact your ability to access certain details and features on this page.

Identity Management Location

Administrators can view their Domain Admins, Users, User Groups, Roles & Entitlements, and Authentication Servers from the Identity Management section of DivvyCloud.

You can also:

  • Add administrators and users
  • Manage User passwords
  • Create and manage User Groups
  • Manage Authentication Servers

Users with domain admin or read-only admin permissions can also download a CSV report that contains information on all of the domain administrators/viewers.

Download a CSV of Domain Administrators and Viewers

Authentication

User accounts can be configured to authenticate using four different authentication types:

  • Local Authentication - This type of user authenticates against the local database
  • Active Directory - Authentication for the user occurs via a configured Active Directory server
  • Azure Active Directory - Authentication for the user occurs over OAuth 2.0 via a configured Azure Active Directory authentication server
  • LDAP - Authentication for the user occurs via a configured LDAP authentication server
  • SAML - Authentication for the user occurs via a SAML server

When users execute write operations within the tool, their actions are recorded and can be accessed via Change History.

Hierarchy

Installation > Domains > Organizations > Groups/Roles/Users

Installation (Enterprise Only)

An installation is the DivvyCloud software suite, comprising API/Webservers, Cloud Harvesting, the Automation system and the database. DivvyCloud can be deployed flexibly, from running entirely on a single server to scaling across multiple servers for performance and redundancy. Check out our Installation section to learn more.

Domains (Enterprise Only)

Domains are a collection of Organizations and allow domain administrators to manage Organizations. Check out our Domains section to learn more.

Organizations (Enterprise Only)

Organizations allow for complete isolation between Cloud Accounts, resources and users on an installation. Cloud Accounts and their resources can only belong to one Organization and cannot be modified or viewed from another Organization. Check out our Organization section to learn more.

Users/Groups/Roles

With the exception of domain admins, users may only belong to a single Organization. Domain admins may change between organizations, but within their current session they cannot modify or view Cloud Accounts, or the cloud's resources, without first changing to the correct organization.

All other users are Basic Users and must be explicitly granted permissions via the Role Based Access system. The system is comprised of 1) Users, 2) Groups, 3) Roles, and 4) Scopes.

Groups are used to organize users who share the same set of permissions, e.g. Power Users, View Only, AWS-Development-Team, etc.

Permissions are defined by a Role. A Role consists of a name, description and one or more permissions:

  • All Permissions - Permission to execute any action within the role scope
  • View - Permission to view resources within the scope
  • Provision - Permission to create new resources
  • Manage - Permission to manage the resources in scope
  • Delete - Permission to destroy resources

A Role can then be associated with one or more Cloud Accounts or Resource Groups, which is called the Scope of the Role. Many Roles can be associated with a Group. Likewise, many Scopes can be associated with a Role.

Once a Group with Roles is created that is scoped to some resources, a user can be created and added to the group. Authenticate with this new user’s account and you will see the clouds or groups granted to the user.
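
The relationship between Users, Groups, Roles and Scopes described above, modeled in Python as an added illustration; it is not DivvyCloud code or its API. The class names, the default-deny check, the review helper and the sample accounts are assumptions made for the example.

```python
from dataclasses import dataclass

ALL = "All Permissions"
ACTIONS = {"View", "Provision", "Manage", "Delete"}

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # subset of ACTIONS, or {ALL}
    scopes: frozenset       # Cloud Account / Resource Group names

@dataclass(frozen=True)
class Group:
    name: str
    members: frozenset
    roles: tuple

def effective_permissions(groups, user):
    """Return {scope: permissions} granted to user through group membership."""
    granted = {}
    for group in groups:
        if user in group.members:
            for role in group.roles:
                for scope in role.scopes:
                    granted.setdefault(scope, set()).update(role.permissions)
    return granted

def is_allowed(groups, user, action, scope):
    """Default deny: a Basic User needs an explicit grant on this exact scope."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    held = effective_permissions(groups, user).get(scope, set())
    return ALL in held or action in held

def broad_grants(groups):
    """Review helper: (group, role, scope) triples that allow Delete or everything."""
    return sorted((g.name, r.name, s) for g in groups for r in g.roles
                  for s in r.scopes if r.permissions & {ALL, "Delete"})

# Constructed sample data for one Organization (all names are illustrative).
viewer = Role("viewer", frozenset({"View"}), frozenset({"aws-dev", "aws-prod"}))
operator = Role("dev-operator", frozenset({"View", "Provision", "Manage"}), frozenset({"aws-dev"}))
sandbox_admin = Role("sandbox-admin", frozenset({ALL}), frozenset({"aws-sandbox"}))
ORG_GROUPS = [
    Group("View Only", frozenset({"alice", "bob"}), (viewer,)),
    Group("AWS-Development-Team", frozenset({"alice"}), (operator,)),
    Group("Power Users", frozenset({"carol"}), (sandbox_admin,)),
]
```

Running `broad_grants` over an exported Group/Role listing is a quick way to find the grants that deserve a least-privilege review first.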

Check out our User, Groups and Roles section to learn more.
