User Configurations (for Admins)

User Configuration Options Available to Administrators Within InsightCloudSec

This section of the Identity Management/User documentation provides details for administrators who manage other InsightCloudSec users.

Identity Management - Users Tab

User Administration

Refer to the details below for the steps administrators follow to add a user, modify a user, or download users.

Adding a User

To create a new "Basic User", refer to the following steps.

1. From "Administration --> Identity Management" select the "Users" tab on the Identity Management page and locate the Add User button on the top right corner.

2. Fill in the "Create User" form as follows:

  • Select the type of "Authentication" you would like to assign the user.
  • From the drop-down, select the Groups in which you want this new user to be included.
  • Leave the account type set to "Basic User".
  • Complete the rest of the form details as desired.

Note: Create User fields will vary based on the authentication type selected. For example, the option to enable API Key Generation is not available until after a user has been initially created.

3. Select "Submit" when you have completed the required details.

Create New Basic User - Username and Password Authentication Example

Modifying a User

Administrators have the ability to modify existing users through the "Actions" menu located to the left of the name of each individual user.

The following actions are available to modify "Users":

Modify User Actions - Result of Action

  • Unlock Account: Unlocks target account by removing suspension for "locked" users.
  • Lock Account: Suspends the user and prevents them from logging in without removing the account.
  • Reset Password: Generates an email to the target user, asking them to set up a new password.
  • Update User: Allows modification of name, email, and password. In addition, admins can provide users with the ability to generate API keys.
  • Promote to Domain Admin: Adds domain admin privilege to the user.
  • Modify Basic User Group Associations: Adds or removes user from Groups, which will grant/revoke privileges to a user from the Group’s roles.
  • Require MFA for User: Requires MFA for target user. User will be required to set up TFA on their next login attempt. Note: this option will only display if MFA is not already enabled.
  • Reset MFA: Resets MFA requirement for target user. (Appears only for users who have MFA enabled.)
  • Disable MFA Requirement: Disables MFA requirement for target user. (Appears only for users who have MFA enabled.) Refer to the User Passwords & Multi-Factor Authentication page.
  • Delete: Deletes user; record is maintained for change history accountability but name and email are purged.
  • Change Authentication Server: Allows Admins to migrate an existing local user to an SSO provider to avoid having to delete/recreate the user. Note: Transitioning to "LOCAL" is not supported.

Identity Management - Modifying Users

Download Users

Administrators also have the ability to download a .CSV file of users from the Users tab. The download button is located at the top right of the Users tab in Identity Management.

Download Button on Users Tab

API Keys

The "API Keys" view under Identity Management allows administrators to view, add, replace/revise, and delete API Keys for users.

API Key Administration.

A column with a status for API keys is also part of the view (and download) for both the "Domain Admins" and "Users" views under Identity Management.

Domain Admins - API Fields

Beginning with InsightCloudSec 22.3.1, administrators and users (via "My Profile") have the ability to generate an API Key with an expiration value. This field will be available for any new API keys. To enable an expiration for a user with an existing API Key, you will need to replace the current key.

API Key - Expiration Value Example
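
One way to review the downloaded Users .CSV for API keys that still have no expiration and for users without MFA. This is an added example, not InsightCloudSec code. The column names and the sample rows are assumptions made for illustration, since this page only states that the download includes an API key status column.

```python
import csv
import io

# Assumed column names: adjust COLUMNS to the header row of the real export.
COLUMNS = {
    "user": "Username",
    "api_key": "API Key",
    "expires": "API Key Expiration",
    "mfa": "MFA Enabled",
}
TRUTHY = {"true", "yes", "active", "enabled", "1"}


def audit_users(csv_text, columns=COLUMNS):
    """Return (username, finding) pairs for rows an administrator should review."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in columns.values() if c not in (reader.fieldnames or [])]
    if missing:
        # Fail loudly rather than silently reporting "no findings".
        raise ValueError(f"export is missing expected columns: {missing}")
    findings = []
    for row in reader:
        user = row[columns["user"]].strip()
        has_key = row[columns["api_key"]].strip().lower() in TRUTHY
        expires = row[columns["expires"]].strip()
        mfa = row[columns["mfa"]].strip().lower() in TRUTHY
        if has_key and not expires:
            # Keys created before expiration support must be replaced to get one.
            findings.append((user, "API key has no expiration; replace the key to set one"))
        if has_key and not mfa:
            findings.append((user, "API key holder without MFA"))
        elif not mfa:
            findings.append((user, "MFA not enabled"))
    return findings


# Constructed sample export (not real data, not the product's actual header row).
SAMPLE = """Username,API Key,API Key Expiration,MFA Enabled
alice,Active,2025-01-31,True
bob,Active,,False
carol,Inactive,,False
dave,Active,,True
"""

if __name__ == "__main__":
    for user, finding in audit_users(SAMPLE):
        print(f"{user}: {finding}")
```

Findings map back to the actions on this page: replace the key to add an expiration, and use "Require MFA for User" for accounts without MFA.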

Domain Admins

Domain Admins can be managed from the first tab in the Identity Management section (under Administration on the left-side menu). Updating, deleting, and requiring MFA or "Two Factor Authentication" for a Domain Admin are available via the actions menu.

Identity Management - Domain Admins

Add Domain Admin

The same steps are used to create a "Read-Only Admin"; simply select "Read Only" for the account type.

1. Navigate to "Administration --> Identity Management" and select the "Domain Admin" tab.

2. Locate the "Add Admin" button to open the "Create Admin" form.

3. Select the type of "Authentication" you would like to assign and then fill out the form as desired.

  • Form fields will vary based on the type of authentication selected.

Identity Management - Create Admin

Modify/Update Domain Admin

To update an existing Domain Admin, navigate to "Administration --> Identity Management" and select the Domain Admins tab. Click on the "Actions" menu to the left of the desired Domain Admin and select "Update Admin" to view/modify their settings.

The following actions are available to modify a Domain Admin:

Modify Domain Admin

  • Unlock Admin: Unlocks target account by removing suspension for "locked" users.
  • Lock Admin: Suspends the user and prevents them from logging in without removing the account.
  • Update Admin: Modify name, email, and password.
  • Reset Password: Generates an email to the target user, asking them to set up a new password.
  • Revoke Domain Admin Role: Removes Domain Admin privileges.
  • Require MFA for User: Requires MFA for target user. User will be required to set up TFA on their next login attempt. Note: this option will only display if MFA is not already enabled.
  • Reset MFA: Resets MFA requirement for target user. (Appears only for users who have MFA enabled.)
  • Disable MFA: Disables MFA requirement for target user. (Appears only for users who have MFA enabled.)
  • Delete: Deletes user; record is maintained for change history accountability but name and email are purged.

Read-Only Admin

InsightCloudSec includes support for a Read Only Admin, which allows a user to be given full read-only access to the entire installation. Users of this type cannot perform any lifecycle operations on cloud resources, create Insights or Bots, or perform any other administrative function within the tool. This feature is especially useful for customers running multiple organizations.

You can set up a Read-Only Admin either by selecting Add Admin on the Domain Admins tab of the Administration main page and then selecting "Read Only Admin" as the "Account Type", or by modifying an existing Admin and changing the account type under the Actions menu.

Creating a Read Only Admin
