Managing Users¶
Invite your team members to your Wallarm account and assign each one a specific role to safeguard sensitive information and limit account actions. Manage users under Settings → Users.
Only Administrator and Global Administrator roles have user management privileges.
User roles¶
Users of Wallarm clients can have the following roles:
-
Administrator with access to all Wallarm settings.
-
Analyst with access to view main Wallarm settings, and manage information about attacks, incidents and vulnerabilities.
-
Read Only with access to view main Wallarm settings.
-
API Developer with access to view and download the API inventory discovered by the API Discovery module. This role allows distinguishing users whose tasks only require using Wallarm to get actual data on company APIs. These users do not have access to any Wallarm Console sections except for API Discovery, its dashboard, and Settings → Profile.
-
Deploy with access to create Wallarm filtering nodes using the
addnode
script and with no access to Wallarm Console.Using the Deploy role to install the Wallarm node 4.0
The Deploy user role is recommended to be used to install only nodes 3.6 and lower since the
addnode
script is deprecated in the release of version 4.0.
The multitenancy feature also enables you to use the global roles Global Administrator, Global Analyst, Global Read Only. Global roles provide users with access to the technical tenant account and linked tenant accounts, regular roles provide users with access only to the technical tenant account.
More detailed information about access of different user roles to the Wallarm entities is provided in the table below. Entity management covers entity creating, editing, and deleting.
Entity | Administrator / Global Administrator | Analyst / Global Analyst | Read Only / Global Read Only | API Developer |
---|---|---|---|---|
Filtering nodes | View and manage | View | View | - |
Dashboard | View | View | View | - |
Attacks | View and manage | View and manage | View | - |
Incidents | View and manage | View and manage | View | - |
API Sessions | View | View | View | - |
Vulnerabilities | View and manage | View and manage | View | - |
API inventory by API Discovery | View and manage | View and manage | - | View and download |
API Specifications | View and manage | View | View | View |
Scanner | View and manage | View and manage | View | - |
Triggers | View and manage | - | - | - |
IP lists | View, manage, and export | View, manage, and export | View and export | - |
Rules | View and manage | View and manage | View | - |
Credential Stuffing Detection | View and manage | View and manage | View | - |
BOLA protection | View and manage | View | - | - |
Integrations | View and manage | - | - | - |
Filtration mode | View and manage | View | View | - |
Applications | View and manage | View | View | - |
Users | View and manage | - | View | - |
API tokens | Manage personal and shared tokens | Manage personal tokens | - | - |
Activity log | View | - | View | - |
Inviting a user¶
You can add a user to your account in two ways, both involving the creation and sharing of an invitation link. You can either have Wallarm automatically send the invitation link to the user's specified email or share the link directly with the user.
Automatic email invitation¶
For this method, set up the user's role, email, and names in advance, and Wallarm will automatically send an invitation email with a link to log in and set a password to the specified user's email. The user should then follow the link to complete the signup process.
To send an invitation link automatically, click the Add new user button and complete the form:
After submitting the form, the user will be added to your list of users and receive an email with the invitation link.
Manual invitation link sharing¶
Generate an invitation link by selecting your team member's email, their role, and the link's duration using the Invite by link option. Then, share this link with the intended user.
This link leads them to the Wallarm signup page to create their account by choosing a password and entering their name.
After signup, they will be added to your user list and will receive a confirmation email.
Changing user settings¶
Once a user appears in the user list, you can edit their settings using the Edit user settings option from the corresponding user menu. This allows you to change their assigned user role, first name, and last name.
Disabling 2FA¶
If a user has two-factor authentication (2FA) enabled and you need to reset it, select the Disable 2FA option from the user menu. Confirm the action by entering your Wallarm administrator account password.
This will disable 2FA for the selected user. The user can re-enable 2FA through their profile settings.
Disabling and deleting users¶
-
To temporarily suspend a user's Wallarm account login capability without deleting their account information, use the Disable access option next to their name. This action marks them in gray in the main user list and lists them under the Disabled tab. Reactivate their account by choosing Enable access, allowing them to log in and access Wallarm again.
-
For permanent removal and to revoke login access forever, select Delete user from the user menu. This action permanently removes them from the user list and cannot be undone.
New user alerts¶
Receive instant alerts when new users are added to your Wallarm account by setting up a trigger with the User added condition. Choose to be notified about specific roles or any new user addition.
Team members interested in these notifications must set up their own triggers.
Trigger example: new user alerts to Slack
If a new user with the Administrator or Analyst role is added to the company account in Wallarm Console, notification about this event will be sent to the email address specified in the integration and to the Slack channel.
To test the trigger:
-
Open the Wallarm Console → Settings → Users and add a new user.
-
Open your email Inbox and check that the following message received:
-
Open the Slack channel and check that the following notification from the user wallarm received:
[Wallarm] Trigger: New user was added to the company account Notification type: create_user A new user John Smith <johnsmith@example.com> with the role Analyst was added to the company account by John Doe <johndoe@example.com>. This notification was triggered by the "Added user" trigger. Client: TestCompany Cloud: EU
John Smith
andjohnsmith@example.com
is information about the added userAnalyst
is the role of the added userJohn Doe
andjohndoe@example.com
is information about the user who added a new userAdded user
is the trigger nameTestCompany
is the name of your company account in Wallarm ConsoleEU
is the Wallarm Cloud where your company account is registered
Logout management¶
Administrator and Global Administrator roles can set up logout timeouts for company account in Settings → General. Settings will affect all account users. Idle and absolute timeouts can be set.