
The Cloud Services Portal provides role-based access control, which lets you manage user access based on roles and permissions. By defining access policies, you can restrict service-related responsibilities to certain user roles and user groups. For example, you can limit BloxOne Threat Defense administrator permissions (defined in the TD Administrator Role) to the BloxOne Threat Defense admin user group (ib-td-admin), while allowing read-only access to the BloxOne Threat Defense user group (ib-td-user) for viewing configurations and reports only. Similarly, you can limit BloxOne DDI administrator permissions (defined in the DDI Administrator Role) to the BloxOne DDI admin user group (ib-ddi-admin), while allowing read-only access to the BloxOne DDI user group (ib-ddi-user) for viewing configurations and reports only. Role-based access control is primarily based on service accessibility, which results in explicit permissions for users or user groups to view, start and stop, or configure service-related tasks and features based on responsibilities within your organization.

The Cloud Services Portal provides several default user roles, user groups, and access policies as a quick-start configuration, so you can assign new users to user groups and give them access to the relevant services and tasks. All default user groups are predefined in quick-start access policies that grant access to specific services and authorize specific users to a set of permissions, so they can perform specific responsibilities based on their roles. For example, the predefined Access Control Administrators Policy applies the Access Control Administrators Role to the access control admin user group (ib-access-control-admin), which grants all users in the ib-access-control-admin group permissions to view and configure licenses, users, user groups, and access policies. The Cloud Services Portal offers a few other access policies based on your license entitlements. You can use these quick-start configurations to onboard new users by placing them in their respective user groups, so they can access the services and perform the corresponding tasks. For more information, see Configuring Access Policies.

To set up role-based access control, use the following workflow to complete the tasks:

  1. Create new users and assign them to their respective user group(s) based on their respective roles and responsibilities within your organization. All users must belong to at least one user group. For more information, see Configuring Users.
  2. Review the default user groups and create additional groups (if needed) based on your business requirements and user responsibilities. For more information, see Configuring User Groups.
  3. Review the default access policies and create additional access policies (if needed) by applying user roles to respective user groups. Note that an access policy grants all users in a user group the set of permissions defined in the user role, so the users can access the services and perform the tasks associated with the selected user role. For more information, see Configuring Access Policies.
  4. Create new user roles if the predefined ones do not fit your organization's needs. For more information, see Creating Roles.
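
The following added example (not part of the product or its API) models the user, user group, access policy, and role relationship from the workflow above, so that effective permissions can be reviewed offline. The group names and two of the role names come from this page; the user names, the read-only role name, the permission strings, and the cross-service review rule are assumptions made for the illustration.

```python
# Constructed sample data. Group names and two role names come from the page;
# the read-only role name and all permission strings are hypothetical.
ROLES = {
    "TD Administrator Role": {"td:view", "td:configure"},
    "TD Read-Only Role (hypothetical)": {"td:view"},
    "Access Control Administrators Role": {"access:view", "access:configure"},
}
# An access policy applies one user role to one user group.
POLICIES = [
    ("ib-td-admin", "TD Administrator Role"),
    ("ib-td-user", "TD Read-Only Role (hypothetical)"),
    ("ib-access-control-admin", "Access Control Administrators Role"),
]
USERS = {
    "alice": ["ib-td-admin", "ib-access-control-admin"],
    "bob": ["ib-td-user"],
    "carol": [],               # breaks "at least one user group"
    "dave": ["ib-ddi-user"],   # no policy covers this group in the sample
}


def effective_permissions(user, users=USERS, policies=POLICIES, roles=ROLES):
    """Union of the permissions of every role applied to the user's groups."""
    groups = set(users[user])
    perms = set()
    for group, role in policies:
        if group in groups:
            perms |= roles[role]
    return perms


def audit(users=USERS, policies=POLICIES, roles=ROLES):
    """Return sorted (user, finding) tuples for an access review."""
    covered = {group for group, _ in policies}
    findings = []
    for user, groups in users.items():
        if not groups:
            findings.append((user, "no user group"))
        for group in groups:
            if group not in covered:
                findings.append((user, f"group {group} has no access policy"))
        perms = effective_permissions(user, users, policies, roles)
        # Assumed review rule: configure rights spanning services get a look.
        services = {p.split(":")[0] for p in perms if p.endswith(":configure")}
        if len(services) > 1:
            findings.append((user, "configure rights on multiple services"))
    return sorted(findings)
```

Calling `audit()` on the sample data returns one finding each for alice, carol, and dave; bob resolves to view-only access and produces none.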

Using role-based user access control, you can also define service account users and assign service API keys to them to facilitate API authentication. Service users are account users you use to communicate with the BloxOne API when performing specific tasks. For example, you can use a service API key to authenticate an API call to automate a process that generates reports on the Cloud Services Portal and sends the report to yourself via email. The service API key is the authentication token key that you use in your API request for authentication purposes. You can also create service users and service API keys for user management purposes. For example, you can create a service user called "SCIM delete user" and associate this user with a service API key to delete invalid users in a systematic manner and automate the cleanup process of invalid users. Invalid users can be those who have left your company or those who are not allowed to log in to your system for specific reasons. For information about service API keys, see Configuring Service API Keys.

To set up service users and service API keys, complete the following:

  1. Create a service account user. For more information, see Configuring Users.
  2. Create a service API key and assign it to a service user. For more information, see Configuring Service API Keys.