Manage Groups 3.X

Owned by Daniel Colon
Last updated: Nov 03, 2021
5 min read

You will learn

How to create User Groups, add Global Roles for group members, add users to a group, add Team Roles to a group, add Application Roles for a group, delete a group, and about LDAP group synchronization.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

Creating a Group

  1. To create a new group, click on Global from the Navigation sidebar, expand the Administration menu to access the Identity Management page.

  2. From within the Manage Groups tab click the Create button. A modal dialog will pop-up with a text field for entering the Group’s name. Enter a name for the new group; optionally, enable the LDAP Group checkbox and ThreadFix will connect to an LDAP service to confirm its existence after clicking the Create button. Press the Create button.

     

  3. A success message will display and ThreadFix will add the group to the list of groups.

  4. Click on the name of the group just created and ThreadFix will display the Group Details section. This is where the properties and group membership are set.

Group Details

The Group Details section provides the ability to change a group’s name and set the Global Role for group members. Clicking on the Global Role drop-down menu will display a list of roles available in the system, including roles created.

In the example above, any user added to the Document Example Group will have the Document Example Role assigned.

Add Users to a Group

  1. Under the Users section, begin typing a username into the text field. A drop-down list will appear containing users whose username contains the character(s) entered.

     

  2. Click the Add User button. The name of the new group member will be displayed in the list of users.

     

  3. Continue adding users to the group as necessary. Remember, at this point all users in this group have the Document Example Role, as set in the example above.

Add Pen Test Teams

Within a selected Group, the Pen Test Teams section allows users to add a desired Pen Test Team to a Group.

  1. Within the Pen Test Team text entry field, begin typing a Pen Test Team name into the text field. A drop-down list will appear containing Pen Test Team names whose name contains the character(s) entered.

     

  2. Click the Add Pen Test Team button. The name of the new group member will be displayed in the list of users.

     

  3. Continue adding Pen Test Teams to the group as necessary.

Add Team Roles to a Group

Team Roles can be applied to Groups the same way as creating team roles for a single user.

  1. From the Team Roles section, click the Add Team Role button. A modal dialog will pop-up.

     

  2. Choose the team and role that grant to the new group and click the Save Map button.

ThreadFix will add the team and role to the list of Team Roles for this group. The Edit button brings up the modal previously used during creation, allowing editing of either the name or the role. Delete will delete the role from the groups permissions.


Add Application Roles to a Group

Application Roles can be applied to groups in the same way as applying them for a single user.

  1. Click the Add Application Role button.


     

  2. The system will display a modal dialog, choose a team and the system will display the applications associated with that team. Select the appropriate role for each application and click the Save Map button.

     

  3. ThreadFix displays teams and their applications, along with this group’s role in those applications. Clicking Edit or Delete will bring up the same dialog, allowing changes to teams or applications, or to alter the applications available to this group.

Deleting a Group

At the bottom of the Group Details page, there is a red Delete Group button. This will remove the group entirely along with any associated roles.

LDAP Group Synchronization

When LDAP users log in to ThreadFix, their group memberships are synchronized on the LDAP server with their corresponding LDAP groups in ThreadFix. For example:

If an LDAP user logs in to ThreadFix for the first time and is a member of an LDAP group that exists in ThreadFix:

  • The user will be added to the ThreadFix LDAP group

  • The user will gain the ThreadFix roles and permissions that are attached to the group

After each subsequent login, the user's group memberships will continue to be synchronized:

If the LDAP user has been added or removed from any LDAP group:

  • The user will be added/removed from the corresponding ThreadFix LDAP group

  • The user will gain/lose the roles and permissions that are attached to the group

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.