The users can be managed under the respective tab on the User Menu.
Under this menu, an Administrator is able manage user accounts by adding, removing or disabling them. Additionally they are presented with an overview of last login and last password change details per account.
When a user is invited to join an organization and does not already have a Whalebone account, a new account is created for them and an activation link is being sent to their registered email address.
The two types of users that are supported are:
- Users: users that have their primary account registered under the specific organization.
- External Users: (If available) users that belong to another organization but can be assigned a role under a different Whalebone Portal tenant. e.g. resellers
Each user can be assigned one or more roles which can be combined to shape their final role.
Below are described the different roles and the actions that they are able to perform.
|Action||Read Traffic||List Editor||Security policy Admin||API Credentials||Read only||Operations Read Only||DNS Admin||Admin|
|View Threat Data||☑||☑||☑|
|View DNS Traffic||☑||☑||☑|
|View Security Policies||☑||☑||☑|
|Edit Security Policies||☑||☑|
|View Resolver Configuration||☑||☑||☑||☑||☑|
|Edit Resolver Configuration||☑||☑||☑|
|View API Tokens||☑||☑||☑|
|Generate API Tokens||☑||☑|
|View Network Configuration||☑||☑||☑||☑||☑|
|Edit Network Configuration||☑||☑||☑|
The Organization Setting can be found under the User Menu.
Portal Access Policy¶
Portal Access Policy defines security mechanism for users accessing Whalebone’s Portal. The following settings can be configured:
- Allowed IP Ranges: IPv4 or IPv6 ranges in CIDR notation, e.g. 10.0.0.0/24 that are allowed to access Whalebone Portal.
- Account Lockout: If enabled, it can limit the number of failed
login attempts. The available options are:
- Failed Login Limit: Number of unsuccessful login attempts before locking the account. Default is 5.
- Lockout Duration: Time duration in minutes for disallowing login requests.
- Lockout Reset Time: Time duration in minutes before resetting the number of failed attempts.
- CAPTCHA Threshold: Number of unsuccessful login attempts before enabling the CAPTCHA verification.
- Multi Factor Authentication: Require users to use a two factor authentication (2FA) application and enter additional tokens upon logging to the portal.
The following password settings can be configured:
- Expiration Time: Number of days before a password needs to be changed.
- Password history: Number of old passwords that cannot be reused when setting up a new passwords.
- Password Attributes: The attributes that a new password should
have. The attributes that a new password can have are the following:
- Minimum Length
- Number of Digits
- Number of lowercase characters
- Number of uppercase characters
- Number of special characters