Adding users to Graphus

This guide includes the steps for adding new users at the MSP level and at the organization level. In addition, the Graphus user roles are defined and the options for requiring user two-factor authentication are described.

User roles and permissions

Graphus users can be added at the MSP level and the organization level. Users added at the MSP level have global access to all the MSP’s organizations in Graphus. Whereas, users added to a specific organization have access to that organization only and do not have access to MSP level functionality. Note that the same organization user cannot be added to multiple organizations.

User roles

A new user must be assigned one of these roles:

• Admin: Selected by default when adding a new user. The admin role enables the user to perform all activities in the application. An admin can add, update, and disable other users, change settings, and investigate alerts.
• Analyst: Users assigned the analyst role can only investigate alerts in Graphus.

MSP level user management

The admin role assigned to a user at the MSP level enables the user to perform all activities in the application at the MSP level and the organization level. MSP level users are managed on the MSP Administration tab's User Management page. The User Management page includes two tabs: Local Users and KaseyaOne Users.

• Local users: The Local Users tab lists the Graphus users for which you have created a Graphus account locally and allows you to add new local users. Only local user accounts will receive Graphus specific login credentials.
• KaseyaOne users: The KaseyaOne Users tab displays only users created via Automatic User Access. When Automatic User Access is enabled on the KaseyaOne page, KaseyaOne users are required to access Graphus with KaseyaOne Unified Login.

Note: For more information about:
- KaseyaOne, see the article Enabling KaseyaOne Unified login for Graphus.
- Automatic User Access, see the article Set up Automatic User Access with KaseyaOne for Graphus.

Organization level user management

The admin role assigned to a user at the organization level enables the user to perform all activities for the specific organization to which the user is added. Organization level users are managed on the organization's User Management page. Here you can add new users.

Two-factor authentication

It is recommended that you enable two-factor authentication when adding a new user. Two-factor authentication adds an additional layer of security to the user's Graphus account. It generates a time-based one-time password (TOTP), referred to as an authentication code, that the user is required to enter when logging into Graphus.
You have two options for using two-factor authentication:

• Authenticator App: This method requires the user to download a 2FA authenticator app to their phone. Every time the user attempts to log into Graphus, they will be required to enter the authentication code generated by their authenticator app.
• SMS Verification: This method sends a text message to the user's cell phone that includes an authentication code. Every time the user attempts to log into Graphus, they will be required to enter the authentication code that is sent to their phone.

How to...

Add a local user at the global level

1. On the top navigation bar, click MSP Administration.
2. In the left navigation menu, click User Management.
   
3. On the Local Users tab, in the upper-right corner, click the Add Local User button.
   
4. In the User Information form, complete the following:
   - Email Address
   - First Name
   - Last Name
   - Role
   
5. If you want to require two-factor authentication:
   a. Click the Two Factor Authentication toggle to enable it. Authenticator App is automatically selected as the authentication method.
   
   b. If you want to use the SMS Verification method, select the SMS Verification radio button. In the Cellular Number field, enter the user's cell phone number.
   
6. Click the Add User button. An email with login instructions is sent to the user.
   

Add a user at the organization level

1. On the top navigation bar, click Insights.
2. Click the name of the applicable organization.
3. In the left navigation menu, click User Management.
4. In the upper-right corner, click the Add User button.
5. In the User Information form, complete the following:
   - Email Address
   - First Name
   - Last Name
   - Role
   
6. If you want to require two-factor authentication:
   a. Click the Two Factor Authentication toggle to enable it. Authenticator App is automatically selected as the authentication method.
   
   b. If you want to use the SMS Verification method, select the SMS Verification radio button. In the Cellular Number field, enter the user's cell phone number.
   
7. Click the Add User button. An email with login instructions is sent to the user.
   

Disable/edit/delete an existing user

The steps to disable, edit, or delete an existing user are the same for global level users and organization level users.

1. Do one of the following:
   - For global user: Click MSP Administration > User Management. The Local Users tab is automatically selected.
   - For organization: Click Insights. Click the name of the applicable organization. In the left navigation menu, click User Management.
2. To disable a user:
   a. For the applicable user, in the Action column, click the Disable icon.
   
   b. To enable the user again, in the Action column, click the Enable icon.
   
3. To edit a user:
   a. For the applicable user, in the Action column, click the Edit icon.
   
   b. In the Update User Details form, make the desired edits. Note: You can enable/disable two factor authentication or change the two factor authentication method selected.
   
   c. Click the Update User button.
4. To delete a user:
   a. For the applicable user, in the Action column, click the Delete icon.
   
   b. In the Delete User confirmation modal, click Proceed.