Local user management

You manage users and choose authentication methods from the Users & Access page, available from System Settings in the left navigation.

By default, Investigator provides local authentication for users. You can use the Access tab to switch to SSO SAML authentication.

Admin users can view, create, and manage local users. The User tab on the Users & Access page displays information about currently provisioned users including their alias, role, and status.

A user’s status can be:

  • Invited. An invitation email was sent, but the user hasn’t completed their account registration. Temporary credentials expire in 7 days.

  • Active. The user accepted the invitation and completed their account registration. An admin can activate a user account at any time.

  • Inactive. The user account is suspended. While their account is inactive, the user can’t access Corelight Investigator but their account settings and data are preserved. An admin can inactivate a user account at any time.

To add a new user

  1. From System Settings in the left navigation, choose Users & Access.

    The User tab appears.

  2. Click + Add User.

  3. Provide these user details.

    • Alias. The alias is not a username, but essentially a nickname for the account. This value has a limit of 30 characters. The user can change this alias later in their account settings, but the admin can’t edit it once created.

    • Email. The login name. The initial confirmation email with account access details is sent to this address. The email address can’t be changed once the user is created. To change the email, the admin must delete the user and recreate their account with the new address.

    • Role. Specify if this user is an analyst, if they can perform admin tasks like user management and system configuration, or if they can simply be a viewer of detections without taking action.

  4. If you don’t want this user to have immediate access, such as a new hire starting at a later date, select Create User As Inactive.

    You can edit this user information and change the state to active at any time. The user receives their welcome and account confirmation emails as soon as they’re marked as active.

  5. Click Create.

To edit user details

  1. For the user entry, click the edit icon () in the Actions column.

    An admin can change a user’s role and status but can’t edit the alias or the email. The user can change their own alias in their account settings. To change the account email, the admin must delete the user and recreate their account with the new address.

    Note

    Email addresses are obscured in the full user list, but if you edit the user details you can view the configured value.

  2. Click Save.

    When a user role or status changes, the system sends an email to notify the user.

    When a user role changes, the user is forced to log out and log in again so the system properly recognizes the new role.

Use the checkboxes to select and change the status of multiple users with a single click.

To delete a user

  1. Select the user entry and click Delete.

  2. Confirm the action.

You can select multiple users to delete more than one at a time.