Question

deactivated users

  • 18 August 2022

Userlevel 3

How are people handling deactivated users? Do you put them in their own department/group? What do you do with their threat models?

Thanks

This topic has been closed for comments

6 replies

Userlevel 2

Hi Becki,

To kick off the conversation here: 

When a user is deactivated, it is important to transfer their threat models to an active user. The owner/creators of threat models have the ability to grant and assign access to those models, so it will be important to transfer that ability to an active user. The transfer of ownership prompt appears when deactivating a user as well as when you transfer users to another department. 

If you have many deactivated users, you may choose to organize them / silo them in a department that you create specifically for deactivated users - however, you can only reassign or move an active user. If a user that is deactivated needs to be moved to another department, you will need to temporarily activate them, perform the move, and then deactivate them again.

Userlevel 3

What about groups? Do they need to be in a group or can they exist in “no group”?

Userlevel 2

In 5.5: When a user is deactivated (in Enterprise Management), irrespective of what groups they belong to (in Authorization), they can no longer access ThreatModeler. However, despite not having access, they will still be listed within the group(s) they were originally assigned to. To clean up the groups, within Authorization, user(s) can be individually removed from their respective groups even if they have already been deactivated.

Userlevel 2

Hi Becki,

To add to what Patrick said, please note that account deactivation will only restrict platform access for the local user accounts. When the user account is created using SSO, the control is switched to the designated SSO service to restrict platform access.

Userlevel 3

Can you explain that more? Right now, we use AD->SSO. If a person leaves our department, they will still have a valid AD account. You’re saying that even if I deactivate the user on the TM side, but they used SSO to log in, they would still have access to TM?

Userlevel 2

Hi Becki,

As a best practice, we recommend creating a group on the SSO platform for users who will be accessing the ThreatModeler platform, to restrict platform access to only those users. Additionally, based on the customer feedback received for v5.5, we are providing functionality to verify user activation status on the platform in ThreatModeler v6.0.
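
An offboarding audit that combines the three points raised in this thread, as an added example that is not part of any reply and not ThreatModeler code: it flags deactivated SSO accounts still in the identity provider's access group, deactivated users still listed in groups, and threat models still owned by deactivated users. The record layout, field names and sample data are assumptions constructed for illustration, not a ThreatModeler or IdP export format.

```python
# Constructed sample records; field names are hypothetical, not a product export.
USERS = [
    {"email": "ana@example.com", "active": True,  "auth": "sso",   "groups": ["Architects"]},
    {"email": "bob@example.com", "active": False, "auth": "sso",   "groups": ["Architects"]},
    {"email": "cy@example.com",  "active": False, "auth": "local", "groups": []},
    {"email": "dee@example.com", "active": False, "auth": "sso",   "groups": []},
]
# Members of the IdP group that gates access to the application (constructed).
SSO_ACCESS_GROUP = {"ana@example.com", "Bob@example.com"}
# Threat model name -> owner email (constructed).
MODEL_OWNERS = {
    "Payments API": "bob@example.com",
    "Intranet": "ana@example.com",
    "Legacy CRM": "cy@example.com",
}


def audit(users, sso_group, model_owners):
    """Return offboarding findings for users deactivated in the application."""
    sso_members = {e.lower() for e in sso_group}  # IdPs often differ in email case
    findings = {
        "sso_access_remaining": [],    # deactivated SSO account, still in IdP group
        "stale_group_membership": [],  # deactivated, still listed in an app group
        "models_to_transfer": [],      # threat model owned by a deactivated user
    }
    deactivated = set()
    for user in users:
        if user["active"]:
            continue
        email = user["email"].lower()
        deactivated.add(email)
        # Local deactivation alone is not the control for SSO-created accounts.
        if user["auth"] == "sso" and email in sso_members:
            findings["sso_access_remaining"].append(email)
        for group in user["groups"]:
            findings["stale_group_membership"].append((email, group))
    for model, owner in sorted(model_owners.items()):
        if owner.lower() in deactivated:
            findings["models_to_transfer"].append((model, owner.lower()))
    return findings


if __name__ == "__main__":
    for kind, items in audit(USERS, SSO_ACCESS_GROUP, MODEL_OWNERS).items():
        print(kind, items)
```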