Skip to main content

 

 

Cisco Defense Orchestrator

User Management

Before you create or edit a user record in Defense Orchestrator, read Identity Provider Account Relationship to Defense Orchestrator Account to learn how the IdP account and the user record interact. Defense Orchestrator users need a corresponding identity provider account so they can be authenticated to access Defense Orchestrator. 

You can see all the user records associated with your tenant on the User Management screen. This includes any Cisco support engineer temporarily associated with your account to resolve a support ticket.

View the User Records Associated with your Tenant

1. From the user menu, select Settings.

user_menu.png


2. Click User Management.

user_manage_super.png

Note: To prevent Cisco support from accessing your tenant, configure your Account Settings in the General Settings page.

Create a Defense Orchestrator User Record

To create a Defense Orchestrator user record, follow this procedure. Keep in mind that this procedure only creates the user's Defense Orchestrator user record, not the user's account in the identity provider. Your own role will need to be that of a Super Admin to perform this task.

  1. Login to Defense Orchestrator. 
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the blue plus button blue_cross_button.png to add a new user to your tenant. 
  5. Provide the email address of the user.

Note: The email address must correspond to the email address of the corresponding identity provider account if one has already been created.

  1. Select the user's role from the Role drop-down menu.
  2. Click OK.

Edit the Role of the Defense Orchestrator User Record

You will need to have the role of Super Admin to perform this task. If the Super Admin changes the role of a Defense Orchestrator user that is logged in, once their role has been changed, the user is automatically logged out of their session. Once the user logs back in, they assume their new role. 

Caution: Changing the role of a user record will delete an API token associated with the user record if there is one. 

To edit the role defined in the user record, follow this procedure.

  1. Login to Defense Orchestrator.
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the edit icon edit.png in the user's row.
  5. Select the user's new role from the Role drop-down menu.
  6. If the user record shows that there is an API token associated with the user, you will need to confirm that you want to change the user's role and delete the API token as a result.
  7. Click OK.
  8. If Defense Orchestrator deleted the API token, contact the user so that they may create a new API Token

Note: If a Defense Orchestrator user is logged in, and a Super User changes their role, the user must log out and log back in again for the change to take affect. 

Delete a Defense Orchestrator User Record

Deleting a user record in Defense Orchestrator prevents the associated user from logging in to Defense Orchestrator by breaking the mapping of the user record with the identity provider account. When you delete a user record, you are also deleting the API token associated with that user record should there be one.

Keep in mind that deleting a user record in Defense Orchestrator does not delete the user's account in the identity provider. 

You will need to have the role of Super Admin to perform this task.

  1. Login to Defense Orchestrator.
  2. From the user menu, click Settings.
  3. Click User Management.
  4. Click the trash can icon trash.png in the row of the user you want to delete.
  5. Click OK.
  6. Confirm that you want to remove the account from the tenant by clicking OK.
  7. (Optional) If appropriate, delete the corresponding identity provider account for this user.