Guides
Log In
Guides

Identity Management

Suggest Edits

Identities in the Cyolo platform are entities such as users, user groups, and API keys. Identities can be assigned end user, administrative, supervisory, and auditing roles. By default, all users are end users until explicitly added to a role. End users can be configured to have access to applications and other resources hosted at corporate premises.

Administrator options – The portal admin can perform the following actions on the respective page of each feature:

  1. Add - Add a local or dynamic user or user group, or API key by clicking the Add button.

  2. Search -- Search for users, user groups, or API keys using keywords.

  3. Sort - Sort the list by the headers listed above.

  4. Group by -- Group the list by Enabled, Type, Provider, Status, or Created by, as the case may be on each page. The Restore default option restores the page to the default setting.

  5. Select/de-select headers -- Choose to display information by selecting or deselecting a header from the drop-down.

  6. Edit - Click the Edit icon to edit the user/user group. API keys cannot be edited.

  7. Delete - Click the Delete icon to delete the user, user group, or API key. Identities are used in the following features for authentication purposes:

    1. Applications and Application Categories

    2. Device Policies

    3. Access Controls

    4. Roles

Features of Identities

Groups -- Groups or user groups can be both local and external. The local groups are Cyolo groups, and the external groups are dynamic groups. While local groups must be manually added, dynamic groups must be imported from an integrated external identity provider. A local group can have both local users and external users as members.

Information available on the page - User groups are listed with the following headers:

  1. Checkbox -- Enable the checkbox to select all or multiple user groups.

  2. Enabled -- Enable or disable by toggling the button.

  3. Name -- Name of the group.

  4. Type -- Whether the group is Cyolo (local) or dynamic.

  5. Users -- Members of the group.

  6. Total Members -- The total number of users in the group.

  7. Provider -- If the group is external (dynamic), the name of the external identity provider is listed. If the group is local (Cyolo), No Provider is displayed.

To create user groups, refer to the section: How to Create User Groups.

Users -- Similar to user groups, users on the Users page can be both local and external. And both types of users can be added manually. Additionally, when an external user belonging to an external identity provider logs in to the Cyolo platform, the user is automatically added to the Users page.

Information available on the page -- Users are listed with the following headers:

  1. Checkbox -- Enable checkbox to select all or multiple users.

  2. Enabled - Enable or disable the user by toggling the button.

  3. Name -- The username of the user.

  4. First Name -- The user's first name. This is not listed by default.

  5. Last Name - The user's last name. This is not listed by default.

  6. Status -- The current status of the user account. The following are the statuses:

    a. Active -- The user is active.

    b. Waiting for Enrollment -- The user is yet to be approved by the configured supervisor and is awaiting approval.

  7. Email -- The email address, if configured. This is not listed by default.

  8. Phone Number - The phone number, if configured. This is not listed by default.

  9. Last Login -- The date and time the user logged in last.

  10. Cyolo Groups -- Name of the Cyolo (local) group the user is a member of. If not a local user, this is blank.

  11. External Groups - Name of the external identity provider's group the user is a member of. If not an external user, this is blank.

  12. Last seen -- The date and time of the user's last activity. For example, accessing an application.

  13. Provider -- Local or name of external identity provider. This is not listed by default.

  14. MFA - The method the MFA code was delivered to the user: SMS or TOTP. This is not listed by default.

  15. Personal Desktop -- If configured, the IP address of the user's workstation. If not configured, it is blank. This is not listed by default.

To create users, refer to the section: How to Create Users.

API Keys -- API keys are identifiers used for authentication and authorization to access API. In the Cyolo platform, API keys are used to access the Cyolo API to add, edit, delete, and retrieve information. The API Keys page allows the admin to generate API keys that can be used to authenticate clients before accessing applications. API keys can be assigned roles similar to users and user groups.

Information available on the page -- Keys are listed with the following headers:

  1. Checkbox -- Enable checkbox to select all or multiple keys.

  2. Enabled - Enable or disable by toggling the button.

  3. Name -- The name of the key.

  4. Key ID -- The 128 bit key ID.

  5. Created By -- The username of the admin user who created the key.

  6. Created On -- The date and time of creating the key.

  7. Last Used - The date and time the key was last used.

To create API keys, refer to the section: How to Create API Keys.

Groups

Groups in Cyolo facilitate the way administrators control which identities can access applications. Instead of allowing access to individual users, administrators can allow access to groups. The system persistently stores the user group membership and displays the information on the Admin Console.

There are three types of groups:

  • Cyolo Groups - Administrators can create Cyolo groups and assign users to those groups. Cyolo groups are not linked to any specific IdP and are static (the system does not change their members, only administrators).
  • External Groups - When the IdP's automatic provisioning option is enabled, the system creates external groups upon SCIM requests arriving from the IdP, or during the polling cycle to LDAP-based IdP.
  • Dynamic Groups - Administrators can create dynamic groups on a specific external IdP. Upon user logins, the system receives the user group membership from the external IdP - and accordingly, allows or denies access to applications.

Information available on the page - User groups are listed with the following headers:

  1. Checkbox – Enable the checkbox to select all or multiple user groups.
  2. Enabled – Enable or disable by toggling the button.
  3. Name – Name of the group.
  4. Type – Whether the group is Cyolo (local) or dynamic.
  5. Users – Members of the group.
  6. Total Members – The total number of users in the group.
  7. Provider – If the group is external (dynamic), the name of the external identity provider is listed. If the group is local (Cyolo), No Provider is displayed.

To create user groups, refer to the section: How to Create User Groups

Users

Similar to user groups, users on the Users page can be both local and external. And both types of users can be added manually. Additionally, when an external user belonging to an external identity provider logs in to the Cyolo platform, the user is automatically added to the Users page.

Information available on the page – Users are listed with the following headers:

  1. Checkbox – Enable the checkbox to select all or multiple users.

  2. Enabled - Enable or disable the user by toggling the button.

  3. Name – The username of the user.

  4. First Name – The user’s first name. This is not listed by default.

  5. Last Name - The user’s last name. This is not listed by default.

  6. Status – The current status of the user account. Following are the statuses:
    a. Active – The user is active.
    b. Waiting for Enrollment – The user is yet to be approved by the configured supervisor and is awaiting approval.

  7. Email – The email address, if configured. This is not listed by default.

  8. Phone Number - The phone number, if configured. This is not listed by default.

  9. Last Login – The date and time the user logged in last.

  10. Cyolo Groups – Name of the Cyolo (local) group the user is a member of. If not a local user, this is blank.

  11. External Groups - Name of the external identity provider’s group the user is a member of. If not an external user, this is blank.

  12. Last seen – The date and time of the user’s last activity. For example, accessing an application.

  13. Provider – Local or name of external identity provider. This is not listed by default.

  14. MFA - The method the MFA code was delivered to the user: SMS or TOTP. This is not listed by default.

  15. Personal Desktop – If configured, the IP address of the user’s workstation. If not configured, it is blank. This is not listed by default.

API Keys

API keys are identifiers used for authentication and authorization to access API. In the Cyolo platform API keys are used to access the Cyolo API to add, edit, delete, and retrieve information. The API Keys page allows the admin to generate API keys that can be used to authenticate clients before accessing applications. API keys can be assigned roles similar to users and user groups.

Information available on the page – Keys are listed with the following headers:

  1. Checkbox – Enable the checkbox to select all or multiple keys.
  2. Enabled - Enable or disable by toggling the button.
  3. Name – The name of the key.
  4. Key ID – The 128-bit key ID.
  5. Created By – The username of the admin user who created the key.
  6. Created On – The date and time of creating the key.
  7. Last Used - The date and time the key was last used.

Updated 3 days ago