6.2. Create and Manage Team Users

Users need an account within Cyber Triage to access the server. User management is done in a separate web interface that can be accessed after you change the deployment mode to be a Server.

https://localhost:9443/app/index.html

Use the username ‘administrator’ and the password that you set as the Server Administrator Password when the server was configured.


By default, you’ll see the administrator account and an ‘api-user’ account (for REST API access and integrations).

NOTE: If you upgraded from Cyber Triage 3.9 or earlier, the administrator password is the same as what was previously called the “Team Client Password”.

6.2.1. Creating an Account

You can have as many accounts as you have licensed. The api-user and ‘administrator’ accounts are not counted towards your limit, but they cannot review data.

To create an account, choose “Add User”, enter the user name and full name, and choose its permissions:

  • System Admin: Can make application changes, create users, and log into the options panel.

  • Incident Creator: Can create a new incident and add hosts to it.

If you have the Incident-level Access Control feature licensed, you will also have the option of giving a user:

  • Super Admin: Has System Admin permissions, can see all incidents, and manage who has access to incidents.


A temporary password will be assigned. Copy it and share it with the user so that they can log in for the first time. They will be forced to change it.

6.2.2. Changing a User Password

Currently, a user cannot change their own password. The administrator must reset it for them in the web application, and the user can then change it the next time they log in.


6.2.3. Changing Permissions

To change the permissions for a user, select them from the list and choose “Edit User”.

If you have Incident Access Control enabled, this does not change their permission for a specific incident. To do that, you must edit the permissions on the incident. See Adding Users to an Incident.

6.2.4. Deleting a User

Users can be deleted from the web application by selecting the three vertical dots and choosing “Delete User”. The administrator and API user cannot be deleted.

6.2.5. API User

The API user cannot be used by the Cyber Triage clients. It is intended for integrations. It is created automatically with a random password. The web application will provide you with the password and the legacy REST API key if you upgraded from an older version of Cyber Triage that used that feature.