User/Organization Management¶
User Management¶
The users can be managed under the respective tab on the User Menu.
Under this menu, an Administrator is able manage user accounts by adding, removing or disabling them. Additionally they are presented with an overview of last login and last password change details per account.
Tip
When a user is invited to join an organization and does not already have a Whalebone account, a new account is created for them and an activation link is being sent to their registered email address.
The two types of users that are supported are:
Users: users that have their primary account registered under the specific organization.
External Users: (If available) users that belong to another organization but can be assigned a role under a different Whalebone Portal tenant. e.g. resellers
Tip
Each user can be assigned one or more roles which can be combined to shape their final role. The permissions are additive (stackable).
Below are described the different roles and the actions that they are able to perform.
Action |
Read Traffic |
Read Threats |
List Editor |
Security policy Admin |
API Credentials |
Read only |
Operations Read Only |
DNS Admin |
HomeOffice Security admin |
Users admin |
Admin |
|---|---|---|---|---|---|---|---|---|---|---|---|
View Threat Data |
☑ |
☑ |
☑ |
☑ |
|||||||
View DNS Traffic |
☑ |
☑ |
☑ |
||||||||
View Whitelists/Blacklists |
☑ |
☑ |
☑ |
☑ |
|||||||
Edit Whitelists/Blacklists |
☑ |
☑ |
☑ |
||||||||
View Security Policies |
☑ |
☑ |
☑ |
||||||||
Edit Security Policies |
☑ |
☑ |
|||||||||
View Resolver Configuration |
☑ |
☑ |
☑ |
☑ |
☑ |
||||||
Edit Resolver Configuration |
☑ |
☑ |
☑ |
||||||||
View API Tokens |
☑ |
☑ |
☑ |
||||||||
Generate API Tokens |
☑ |
☑ |
|||||||||
View Network Configuration |
☑ |
☑ |
☑ |
☑ |
☑ |
||||||
Edit Network Configuration |
☑ |
☑ |
☑ |
||||||||
View Alerts |
☑ |
☑ |
|||||||||
Edit Alerts |
☑ |
||||||||||
View Reports |
☑ |
☑ |
|||||||||
Edit Reports |
☑ |
||||||||||
HOS device management and policy settings |
☑ |
☑ |
|||||||||
Manage user accounts |
☑ |
☑ |
Organization Settings¶
The Organization Setting can be found under the User Menu.
Portal Access Policy¶
Portal Access Policy defines security mechanism for users accessing Whalebone’s Portal. The following settings can be configured:
Allowed IP Ranges: IPv4 or IPv6 ranges in CIDR notation, e.g. 10.0.0.0/24 that are allowed to access Whalebone Portal.
Account Lockout: If enabled, it can limit the number of failed login attempts. The available options are:
Failed Login Limit: Number of unsuccessful login attempts before locking the account. Default is 5.
Lockout Duration: Time duration in minutes for disallowing login requests.
Lockout Reset Time: Time duration in minutes before resetting the number of failed attempts.
CAPTCHA Threshold: Number of unsuccessful login attempts before enabling the CAPTCHA verification.
Multi Factor Authentication: Require users to use a two factor authentication (2FA) application and enter additional tokens upon logging to the portal.
Password Policy¶
The following password settings can be configured:
Expiration Time: Number of days before a password needs to be changed.
Password history: Number of old passwords that cannot be reused when setting up a new passwords.
Password Attributes: The attributes that a new password should have. The attributes that a new password can have are the following:
Minimum Length
Number of Digits
Number of lowercase characters
Number of uppercase characters
Number of special characters