User Management

^{Last Updated: 2024-12-10}

Purpose

This article describes the procedure to manage users in the portal.

Introduction

The user management page IAM (Identify and Access management) provides the backbone for controlling who can authenticate to the system and what resources they can access. IAM is used to control who is authenticated (signed in) and authorized (has permissions) to use resources. Through the IAM (Identity and Access Management) interface, administrators create users, assign them roles and resource groups, and thereby define their authorization scopes. This mechanism is essential for enforcing least privilege, segmenting access across different environments or teams, and maintaining secure, auditable control over portal functionality and data.

Accessing the IAM View

To navigate to this section, 

1. Log in to the Portal. See the Logging in to the portal article for the different ways to access the Portal view.

2. Click the Account icon in the upper right corner.
   Note that the initials in the icon may change depending on username.
   

   

   
   

3. In the context menu, select Identity Access Management (IAM) to access the IAM page.
   

   

   
   

This displays the Identity Access Management page which is divided in three tabs, Users, Roles, and Resource Groups.

User Management in IAM

Add a User

To add a user:

1. Click the green +Add user button on the lower right corner.

2. Fill in the required user details.

   

   
   

   
   

   ^{*) Required}

3. Click the blue ADD button to finish adding the user.

Edit User

To edit a user

1. Click the edit icon on the user you want to edit.

   

2. Update the required details.

3. Click the blue Update button to save and confirm the update.

Password Recovery

To change a password on a user

1. Click the edit icon on the user you want to edit.

   

2. Click the Password tab.

   

   
   

3. Click the blue Send button to send a password recovery e-mail to the user.

Delete User

To remove a user:

1. Click the Delete icon on the user you want to remove.

2. Click the red DELETE button to confirm. 

   

Assign a Role to a User

To assign a role to a user, 

1. Click on the assign roles icon displayed on the bottom bar. 
    

   

   
   

2. Select the required roles and click ASSIGN. 

3. The newly assigned roles are shown under the USERS view. 

Assign a Resource Group to a User

To assign a resource group to a user, 

1. Click on the assign resource groups icon displayed on the bottom bar. 

   

   
   

2. Select the required resource groups and click ASSIGN. 

3. The newly assigned resource groups are shown under the USERS view. 

OUTSCAN Super Users and Sub Users in the Portal

If a Super user or Sub user is created in OUTSCAN, they cannot access configurations and other tabs in the Appsec portal. In the new UI and Rest API there is no concept of superuser. If a user should have access to everything they must be granted the default role Admin and default resource group All Resources or some other custom roles/resource groups giving them the equivalent access rights. By default,  all users that are create have no roles or resource groups set. and need IAM roles/resource groups granted to access things.

To use the portal, follow the information below:

1. Log in to OUTSCAN / HIAB with a main user.

2. Go to Main Menu > Portal.

3. Click the Account icon in the upper right corner.

4. Select IAM (Identity Access Management).

5. Select the user which you need access granted.

6. Select the role as Admin and resource group as All Resources.