Users
To navigate to the Users page, open the Main Menu, and select Administration. Once the Administration section is displayed, select the Access Control tab at the top of the page, and then Users under that.
Main Menu > Administration > Access Control > Users
This page displays all users that have been created in the system. If no other users have been added yet, the only user displayed is the Admin user, which cannot be deleted. On the right, Edit and trash icons are available, which can be used to edit and delete a user's information, respectively.
On the Users page, you have several controls for viewing, sorting, and managing users. In the upper-right is a Search field that helps you search users. You can limit the number of users to be displayed on a page and you can click on any field to sort the list accordingly.
You can click the Invite User button in the upper-left corner to add a new user. Clicking the button opens a pop-up in which you fill in the Authentication type, Email, Permissions, and Group fields. Next, you can invite the user by clicking Invite.
The user's information can be edited by clicking the Edit icon. You have various fields available when editing a user, along with a Status dropdown to Enable or Disable the user.
Groups
Risk mitigation and effective incident response require coordination among different teams. Thus, SIRP allows you to categorize users from different departments or teams into "Groups." You can either use one of the existing groups or create your own by clicking the Create Group button, which is displayed at the top of the page.
To manage groups, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that Groups.
Main Menu > Administration > Access Control > Groups
Your screen should look something like this:
Roles
SIRP has four built-in roles that cannot be edited or deleted. They are:
Administrator
Manager
Analyst
Observer
To manage roles, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Roles.
Main Menu > Administration > Access Control > Roles
Your screen should look something like this:
You can also create custom roles. Simply click the Create Role button at the top, fill in the Name and Description fields, and select Create.
Privileges
SIRP provides the following privileges for the four built-in roles:
| Role | Privileges |
| --- | --- |
| Administrator | User has full privileges and can access all SIRP functions. |
| Manager | User has full privileges except for the Administrator permissions. |
| Analyst | User can manage assets, incidents, vulnerabilities, threat intelligence, and risks, create and execute playbooks, and view all the data. |
| Observer | User can view everything, but cannot edit or execute anything. |
To access the privileges page, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Privileges.
Main Menu > Administration > Access Control > Privileges
Privileges to different roles can be assigned by clicking on the Assign Privilege button displayed at the top of the page. By clicking this button, a pop-up will appear, and the user must select a Role and use toggle buttons to assign relevant privileges. Once the privileges are selected, click on the Assign button.
Third-Party Auth
SIRP lets organizations allow users to log in using a third-party authentication provider. The available authentication types include the following:
OpenID
LDAP
Google 2FA Authenticator
To access the third-party authentication page, go to the Main Menu and select Administration. Across the top of the page, click on Access Control, and below that select Third-Party Auth.
Main Menu > Administration > Access Control > Third-Party Auth
You can add an authentication mechanism to be used within your organization by clicking the Add Authentication option displayed at the top of the page. A pop-up will appear. Select the relevant options from the Authentication Type and Authentication Vendor dropdown fields, and press Create.
Session and Password
SIRP allows administrators to configure session and password strength settings. You can customize the following fields as per your organizational preference:
Session Management Settings:
Inactivity timeout (minutes): Idle time before a user is logged out.
Absolute timeout (minutes): Duration after which users are automatically and forcibly logged out.
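How the two session timeouts interact, as an added Python example that is not SIRP's own code: activity resets the inactivity clock but never the absolute one, and a request arriving after expiry does not revive the session. The class and function names are hypothetical, and the 15/60-minute values and request timeline are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SessionPolicy:
    inactivity_minutes: int  # models "Inactivity timeout (minutes)"
    absolute_minutes: int    # models "Absolute timeout (minutes)"

    def __post_init__(self):
        if self.inactivity_minutes <= 0 or self.absolute_minutes <= 0:
            raise ValueError("timeouts must be positive")


@dataclass
class Session:
    created: datetime    # login time; never updated
    last_seen: datetime  # time of the last accepted request


def check(policy, session, now):
    """Return 'active', 'idle_expired' or 'absolute_expired' at time `now`."""
    if now - session.created >= timedelta(minutes=policy.absolute_minutes):
        return "absolute_expired"
    if now - session.last_seen >= timedelta(minutes=policy.inactivity_minutes):
        return "idle_expired"
    return "active"


def touch(policy, session, now):
    """Process a request: only a still-valid session gets its idle clock reset."""
    state = check(policy, session, now)
    if state == "active":
        session.last_seen = now
    return state


def replay(policy, start, request_offsets_min):
    """Replay requests at the given minute offsets after login; return each state."""
    session = Session(created=start, last_seen=start)
    return [touch(policy, session, start + timedelta(minutes=m))
            for m in request_offsets_min]


if __name__ == "__main__":
    policy = SessionPolicy(inactivity_minutes=15, absolute_minutes=60)
    login = datetime(2024, 1, 1, 9, 0)  # constructed sample timeline
    for offset, state in zip([10, 30, 31], replay(policy, login, [10, 30, 31])):
        print(f"+{offset:>2} min: {state}")
```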