Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  • Overview
  • Manage Users
  • Create User
  • Modify User
  • Change Password
  • Setup MFA
  • Sign out
  • Single Sign-On (SSO)
  1. Console Overview
  2. Access Management

Manage Users

Everything you need to know about managing users within your deployment.

PreviousAccess ManagementNextManage Accounts

Last updated 1 month ago

Overview

A user was initially specified and created during the deployment process. As with any new user, you were required to change your password as you signed in for the first time. The Manage Users section of the console is to extend the management of user(s) beyond that initial setup. From the Manage Users page you can create additional users (assuming your user is an Admin), delete users and modify users in the form of assigning them to groups and changing their roles.

Manage Users

Managing users involves creating, modifying, deleting or activating/deactivating their accounts. At the time of creation you will also assign them one or multiple to belong to. You can change the group assignment later as well.

You may not be using Groups to organize your accounts. There is always one group created by default, the Primary group. In this situation you would specify Primary as the group value.

As seen below you are presented a simple page with the list of existing users. Directly after install you will only have one user in the list that was created during deployment. You can add more users as desired from this page and they will be reflected here as well.

Create User

Creating a new account is a simple process. Click the Create User button.

Provide a User Name, a valid Email Address, the User Access Level and a Group to belong to. An email will be sent to the specified email address with a login URL and Temporary Password. There are fourUser Access Levels: Admin, User, Read Only, and API. The difference being Admin has access to all screens and configuration capabilities, while the User will not be able to create additional users or modify any of the configuration. Read Only users cannot perform actions. They can view pages, metrics, etc. but they cannot protect buckets, make changes, etc. API access level allows a user to execute API calls, but not login to the console at all.

User account types can see all dashboards and buckets and can enable / disable buckets.

After creating the new user, they will be in a pending state until they have logged in and reset their password. They have 7 days to complete this with the password that was sent to them. After that time period, you will have to delete and recreate the user.

Modify User

Change Groups

Selecting Change Groups pops open the following:

Change Role

Selecting Change Role pops open the following:

Disable and Delete User

In order to delete a user, you must disable the user first.

Setup for API Scanning Access

Setting up API Access for a user enables their username and password to be used to send file scan requests against the configured API Agents. You must associate a user to an Account Number track usage. Because API scanning can operate outside the bounds of Amazon S3, we have to fabricate a usage tracking mechanism. So any API file scanning this user does will be tied to the Account Number associated.

To enable a user for API access you select the Actions menu for the user and select Enable API Access

You'll be prompted to pick an account to associate to the user and then click the Enable Access button

Afterwards you will notice they have an Account Number showing under the API Account column

If you want to create an api-only user without console access, make sure to set the role to API

Change Password

Just as you did when you first logged into the console, you need to provide your current password and then what you'd like for your new password. Be sure to follow the rules as described at the bottom of the page.

You cannot reset another user's password from the console. Have the user leverage the Forgot Password link at the login screen.

Setup MFA

You'll be presented your user information overview and the option to enable MFA. Clicking the Enable... link will start the process to setup MFA. You can also identify if you have saved the device you are currently accessing from as "remembered" so you do not have to use MFA each time.

Enable MFA Settings:

  1. Click Enable...

  2. Enter your existing password and click Generate Setup Key

  3. Use your one time password application of choice to scan the QR code and enter the first one time code and click the Verify button

  4. On the final screen, click the Enable MFA button

You will now be presented with your user settings showing MFA is enabled.

The next time you login you will be prompted to enter the OTP after the standard username / password login screen. You can choose to save this computer off or not so you have to enter MFA each time you login.

Sign out

Single Sign-On (SSO)

To modify an existing user, select the action menu () on the particular user's row. Now select the appropriate action you'd like to take: Change Groups, Change Role, Disable User or Enable API Access. If the user has already been disabled you will be given an option to delete the user.

For more information on API based file scanning and what APIs are available, check out the page.

To change your own password, you will select the user icon in the upper right corner of the console and select Change Password from the menu.

To turn MFA on, you will select the user icon in the upper right corner of the console and select Settings from the menu.

To sign out of the console, you will select the user icon in the upper right corner of the console and select Sign Out from the menu.

You can find more information on implementing Single Sign-On (SSO) for your deployment by going to .

groups
API Scanning Overview
this FAQ answer
User List
Create User Menu
Create Account
Create Account Pending
Modify User
Password Reset
Signout
user menu
User icon
User icon
User icon