Manage Groups 3.X
You will learn
How to create User Groups, add Global Roles for group members, add users to a group, add Team Roles to a group, add Application Roles for a group, delete a group, and about LDAP group synchronization.
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A
Creating a Group
To create a new group, click on Global from the Navigation sidebar, expand the Administration menu to access the Identity Management page.
From within the Manage Groups tab click the Create button. A modal dialog will pop-up with a text field for entering the Group’s name. Enter a name for the new group; optionally, enable the LDAP Group checkbox and ThreadFix will connect to an LDAP service to confirm its existence after clicking the Create button. Press the Create button.
A success message will display and ThreadFix will add the group to the list of groups.
Click on the name of the group just created and ThreadFix will display the Group Details section. This is where the properties and group membership are set.
Group Details
The Group Details section provides the ability to change a group’s name and set the Global Role for group members. Clicking on the Global Role drop-down menu will display a list of roles available in the system, including roles created.
In the example above, any user added to the Document Example Group will have the Document Example Role assigned.
Add Users to a Group
Under the Users section, begin typing a username into the text field. A drop-down list will appear containing users whose username contains the character(s) entered.
Click the Add User button. The name of the new group member will be displayed in the list of users.
Continue adding users to the group as necessary. Remember, at this point all users in this group have the Document Example Role, as set in the example above.
Add Pen Test Teams
Within a selected Group, the Pen Test Teams section allows users to add a desired Pen Test Team to a Group.
Within the Pen Test Team text entry field, begin typing a Pen Test Team name into the text field. A drop-down list will appear containing Pen Test Team names whose name contains the character(s) entered.
Click the Add Pen Test Team button. The name of the new group member will be displayed in the list of users.
Continue adding Pen Test Teams to the group as necessary.
Add Team Roles to a Group
Team Roles can be applied to Groups the same way as creating team roles for a single user.
From the Team Roles section, click the Add Team Role button. A modal dialog will pop-up.
Choose the team and role that grant to the new group and click the Save Map button.
ThreadFix will add the team and role to the list of Team Roles for this group. The Edit button brings up the modal previously used during creation, allowing editing of either the name or the role. Delete will delete the role from the groups permissions.
Add Application Roles to a Group
Application Roles can be applied to groups in the same way as applying them for a single user.
Click the Add Application Role button.
The system will display a modal dialog, choose a team and the system will display the applications associated with that team. Select the appropriate role for each application and click the Save Map button.
ThreadFix displays teams and their applications, along with this group’s role in those applications. Clicking Edit or Delete will bring up the same dialog, allowing changes to teams or applications, or to alter the applications available to this group.
Deleting a Group
At the bottom of the Group Details page, there is a red Delete Group button. This will remove the group entirely along with any associated roles.
LDAP Group Synchronization
When LDAP users log in to ThreadFix, their group memberships are synchronized on the LDAP server with their corresponding LDAP groups in ThreadFix. For example:
If an LDAP user logs in to ThreadFix for the first time and is a member of an LDAP group that exists in ThreadFix:
The user will be added to the ThreadFix LDAP group
The user will gain the ThreadFix roles and permissions that are attached to the group
After each subsequent login, the user's group memberships will continue to be synchronized:
If the LDAP user has been added or removed from any LDAP group:
The user will be added/removed from the corresponding ThreadFix LDAP group
The user will gain/lose the roles and permissions that are attached to the group
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.