As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Manage Groups

You will learn

How to create User Groups, add Global Roles for group members, add users to a group, add Team Roles to a group, add Application Roles for a group, delete a group, and about LDAP group synchronization.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 5 minutes
Tools required: N/A

Groups of users in ThreadFix give an administrator an easy way to apply detailed permissions to a large collection of users at once.

Creating a Group

  1. To create a new group, click on Global from the Navigation sidebar, expand the Administration menu to access the Identity Management page. The first time you go to this page, it will be empty.


  2. Click the Create Group button. You will see a modal dialog, with a text field for entering the Group’s name. Enter a name for your new group, and press the Create button. You can enable the LDAP Group checkbox, and ThreadFix will connect to your LDAP service to confirm its existence when you click the Create button.

     

  3. You will see a success message, and ThreadFix will add your group to the list of groups.

  4. Now, click on the name of the group you just created, and ThreadFix displays the Group Details section. This is where you set the properties and membership of your group.

Group Details

The top of the details section gives you the ability to change your group’s name, and to set the Global Role for group members. Clicking on the Global Role dropdown, you will see a list of roles available in the system, including roles you have created.

In the example above, any user added to the Developers group will have the QA global role.

Add Users to a Group

  1. Under the Users section, begin typing a user name into the text field. A dropdown will appear containing a list of your users whose username contains the character you just typed.

     

  2. Click the Add User button. The name of your new group member will be displayed in the list of users.

     

  3. Continue adding users to your group until you are finished. Remember, at this point all users in this group have the QA role, as set above.

Add Pen Test Teams

Within a selected Group, the Pen Test Teams section allows users to add a desired Pen Test Team to a Group.

  1. Within the Pen Test Team text entry field, begin typing a Pen Test Team name into the text field. A drop-down list will appear containing Pen Test Team names whose name contains the character(s) entered.

     

  2. Click the Add Pen Test Team button. The name of the new group member will be displayed in the list of users.

     

  3. Continue adding Pen Test Teams to the group as necessary.

 

Add Team Roles to a Group

  1. You apply team roles to Groups the same way that you created team roles for a single user.

  2. Click the Add Team Role button. You will again see a modal dialog:

     

  3. Choose the team and role that you wish to grant to your new group, and click the Save Map button.

  4. ThreadFix adds your team and role to the list of Team Roles for this group. The Edit button brings up the same modal you saw on creation, allowing you to edit either the name or the role. Delete will delete the role from the groups permissions.

Add Application Roles to a Group

  1. You apply Application Roles to groups in the same way you applied them for a single user.

     

  2. Click the Add Application Role button. The system will display a modal dialog, as seen here.

     

  3. Choose a team and the system will display the applications associated with that team. Select the appropriate role for each application and click the Save Map button. ThreadFix displays your teams and their applications, along with this group’s role in those applications.

     

  4. Clicking Edit or Delete will bring up the same dialog, allowing you to change teams or applications, or to alter the applications available to this group.

Deleting a Group

At the bottom of the Group Details page, there is a red Delete Group button. This will remove the group entirely along with any associated roles.


LDAP Group Synchronization

When LDAP users log in to ThreadFix, ThreadFix synchronizes their group memberships on the LDAP server with their corresponding LDAP groups in ThreadFix.

Example:

Let's say that an LDAP user logs in to ThreadFix for the first time and is a member of an LDAP group that exists in ThreadFix:

  • The user will be added to the ThreadFix LDAP group

  • The user will gain the ThreadFix roles and permissions that are attached to the group

After each subsequent login, the user's group memberships will continue to be synchronized:

  • If the LDAP user has been added/removed from any LDAP group:

    • The user will be added/removed from the corresponding ThreadFix LDAP group

    • The user will gain/lose the roles and permissions that are attached to the group

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.