User Management

Each organization has one main account (the first registered user) and multiple secondary users. Users are managed from the User management menu. Users can be configured with the following properties:

  • Email and password - the main authentication credentials. Users are encouraged to change the initial password after login.
  • Role - the role defines what part of the functionality is accessible to the user. Predefined roles are: Admin, Manager, Security analyst, Sysadmin, Developer, IT, Auditor, Business analyst and Public user. Admins have full control; managers have access to most features except organization configuration; other staff have access to technical features; auditors and public users have access only to the dashboard. Custom roles can be defined as well.
  • Allowed data sources - the data sources to which the user has access. If none are selected, the user has access to all data sources.
  • Expiration date - optional, sets a date when the user is automatically deleted. Useful for auditor accounts for the duration of an audit.
  • Password - optional, if not set, the user will receive an email to set their password.

Role-based access control

Access to particular data sources can be defined using custom roles. Each user can be assigned one or more roles that define access to particular data sources. A role can also have access to a group of data sources, rather than individual sources.

Custom roles support hierarchies - a child role inherits all data sources from a parent role, allowing flexible and granular access control.
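
The inheritance rule described above, worked through as an added example (not LogSentinel's code): it resolves the data sources each user reaches through parent roles and data-source groups, and flags users whose allowed-data-sources list is empty, which per this page means access to all. The data model and every role, group and source name are assumptions made for illustration.

```python
# Constructed sample data; the structure and all names are hypothetical.
GROUPS = {"network": {"firewall", "vpn"}, "apps": {"crm", "billing"}}
ROLES = {
    "soc-base":   {"parent": None,       "sources": {"ids"}, "groups": {"network"}},
    "soc-tier2":  {"parent": "soc-base", "sources": {"edr"}, "groups": set()},
    "app-review": {"parent": None,       "sources": set(),   "groups": {"apps"}},
}
USERS = {
    "analyst@example.com": {"roles": ["soc-tier2"], "allowed": set()},
    "auditor@example.com": {"roles": ["app-review", "soc-base"], "allowed": {"crm"}},
}


def role_sources(role, roles=ROLES, groups=GROUPS):
    """Data sources a role grants: its own, its groups', and everything inherited."""
    granted, seen = set(), set()
    while role is not None:
        if role in seen:
            # A misconfigured hierarchy must fail loudly, not loop forever.
            raise ValueError(f"cycle in role hierarchy at {role!r}")
        seen.add(role)
        spec = roles[role]
        granted |= spec["sources"]
        for group in spec["groups"]:
            granted |= groups[group]
        role = spec["parent"]  # walk up to the parent role
    return granted


def audit(users=USERS):
    """Per user: sources reachable via roles, and whether the per-user list is empty."""
    report = {}
    for email, user in users.items():
        via_roles = set()
        for role in user["roles"]:
            via_roles |= role_sources(role)
        report[email] = {
            "via_roles": sorted(via_roles),
            # Per the page: an empty allowed-data-sources list means access to all.
            "unrestricted": not user["allowed"],
        }
    return report


if __name__ == "__main__":
    for email, row in audit().items():
        print(email, row)
```
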

SAML 2.0 Authentication

LogSentinel (both SaaS and on-premise) can be integrated with a SAML 2.0 identity provider. In order to do that, the following should be specified:

  • EntityID - there is a recommended value above the field, but depending on the provider you may not be able to use it, so fill in whatever entity ID is set in the identity provider.
  • SAML SSO URL (also called Login URL) - this is the URL where the authentication request gets sent. You should be able to obtain that from the identity provider.
  • SAML verification certificate - an optional X.509 certificate for verifying signatures (obtained from the identity provider)
  • SAML asserting party entity ID - the ID of the identity provider (also called asserting party)
  • SAML Metadata URL (optional) - some identity providers support metadata URLs which can be used to obtain the necessary parameters instead of manually entering them
  • Allowed users - an attribute name (usually the one that contains the user roles/groups) and a comma-separated list of allowed values. Only those users will be allowed to sign in.

You may also need to set a redirect URL (Reply URL, consumer service location) in the identity provider configuration. The value for that is provided above the form.

Once configured, you can copy the authentication URL to log in via SSO, or use the SSO login functionality on the login page. If authenticated users don't yet have an account, it is automatically created.