Users & Roles
Organizations on the SIFF platform can manage their own users to provide access to SIFF. Roles are assigned to users to grant privileges such as access to the Activity app.
Note: By default when signing up to SIFF a single user is created with full Admin and Billing privileges. This user is also assigned as the Organization Owner.
SIFF Roles
- SIFF Admin: Full access to all SIFF apps with the exception of Billing unless Billing Access has been granted.
- SIFF Operator: Provides access to the Change, Activity, Config, Monitor and Policy apps. SIFF Operators are typically responsible for managing Devices, Access Credentials, Discovery, and managing Service Definitions.
- SIFF User: Provides access to the Change, Activity and Config apps. Regular SIFF Users are typically operations, change management, and compliance personnel with a need to access Change and Configuration data.
- SIFF None: The None role is used in conjunction with Billing Access to only provide access to Billing.
Billing Access
Note: Billing access is granted separately to roles and can only be granted by Admins if they have billing access themselves.
Managing Users
Users with the SIFF Admin role are permitted to manage users via the Admin app.
| Action | Description |
|---|---|
| Invite | Send an email invitation and create a new internally authenticated SIFF user. The invitation is single-use only and will expire after 2 days. If the user fails to log in and complete the process the admin can use the Resend Invitation button to send out a new invite. |
| Import | Bulk import users via a CSV listing emails, names, and roles. A sample template is provided. |
| Edit | Edit user details including Name, Email, Mobile, Role, and billing access. Note: billing access can only be granted if the logged in user has billing access themselves. |
| Login History | View history of logins by location/IP for the selected user. |
| Reset Passphrase | For internally authenticated users Reset Password will send the user an email with a link to reset their passphrase. This is a single-use link and will expire after 1 hour. Users using an external authentication provider will need to refer to that system in order to reset/change their passwords. |
| Lock | Use Lock to prevent users from being able to log into SIFF. This applies to all user types even if using an external authentication provider. The lock will remain in place until an administrator removes it using Unlock. |
| Unlock | Unlock users. |
| Delete | Delete users from SIFF. Note: if a user has been granted access via an external authentication provider then next time they log in a new SIFF user will be created. To prevent this happening either modify the rules governing the external authentication provider or Lock the user. |
| Toggle External Auth | If External Authentication is configured for the organization this can be used to switch users from SIFF (internal) auth to external auth. |
External Authentication
SIFF organizations can have an external authentication provider configured with users set up to use that instead of authenticating internally to SIFF. Support is provided for:
- LDAP such as Microsoft Active Directory
- OpenID Connect (in general) but also built-in support for:
- Amazon
- Auth0
- Azure AD
- Bitbucket
- DigitalOcean
- GitHub
- Gitlab
- MicrosoftOnline
- Okta
- SalesForce
For more information refer to the External Authentication Guide.