Invite User To Project
Last updated
Last updated
Check YouTube for more tutorials: https://youtube.com/@attackforge
AttackForge lets you invite any person to your project who may need to collaborate with you or the project team; or to provide access to the vulnerabilities, reports, testing progress & tracking features.
In AttackForge, vulnerabilities are linked to one or more projects.
With the exception of Administrators, a user can only see vulnerabilities for which they have access to the project(s) linked to those vulnerabilities.
Only an Administrator, Project Coordinator or delegated user can invite a user to a project and manage their access levels.
Start by clicking on the project settings button (cog in the top-right) then select Access
.
This page will show you all the users with access to your project, and their associated access level & project role.
You can update a user's access to your project at any time by clicking on their current access level (in the table) and selecting from any of the options in the drop-down menu.
You can update a user's project role also by clicking on the current role (in the table) and selecting from any of the options in the drop-down menu.
You can also remove access to your project for a user at any time by clicking actions menu and selecting Remove Member
.
You can also click on Add User
button to invite a new person to your project.
You can select from an existing user in the system. To help you with scheduling, you can view which consultants are available (not assigned on an overlapping project) during the project test window (start & end dates). You can also view the calendar for projects you have access to, and also view all projects assigned to any user.
If the user does not yet exist in your AttackForge, you can invite them by their email address.
Projects in AttackForge have three (3) levels of access control that can be assigned to any user. This controls the user's ability to see vulnerabilities & data from the project within AttackForge, and also how they can interact with that project.
For a detailed breakdown of every project-level privilege - please see Access Control Matrix
This is the typical privilege assigned to Clients/Customers
. It provides them with all of the necessary permissions to view details about vulnerabilities, generate on-demand reports, flag vulnerabilities for retesting and request retests, and self-export vulnerabilities to tools.
This is the typical privilege assigned to Developers / Engineers
. It provides them with the same privileges as View, however also provides ability to upload files to the projects' workspace as well as create project notes. This is useful for users who would need to share information with the security team, for example test accounts, solutions documents, files, etc.
This is the typical privilege assigned to Pentesters / Security Consultants
. It provides them with the same privileges as Upload, however also provides ability to create vulnerabilities, manage scope, action test cases, create attack chains, update executive summary, and perform retests.
You can invite any person to your project by selecting the user from the system or entering in their email address for new users. Please ensure you have consent from the person before inviting them.
The user will receive an email notification informing them you have now invited them to the project and they can access the project immediately.
Project Roles can be assigned to any user on the project. The roles do not provide the user with any additional access rights. Privileges on the project are controlled via the Access Roles (see above).
Project Roles are displayed on the project dashboard so that other team members can see who is on their project and also their role on the project - to help with collaboration and contacting the right person.
Project Roles are also included in the reports, alongside the project team member's name.
Project Team members can receive emails related to events on the project, for example testing has started/stopped or new vulnerabilities have been found.
The following email notifications can be configured per project team member:
All Emails
No Emails
Daily Start/Stop Testing Email
New Critical Vulnerability Discovered
New High Vulnerability Discovered
New Medium Vulnerability Discovered
New Low Vulnerability Discovered
New Info Vulnerability Discovered
Vulnerability Ready for Retesting
Vulnerability Re-Opened
Vulnerability Closed
Project Role Has Been Updated
Project is On-Hold / Off-Hold
Retest Has Been Completed
!IMPORTANT: make sure you have enabled the relevent email notifications first in the
Project Settings
.
Users can inherit access to projects automatically via Groups. In order for this to apply, the group needs to first be linked to the project either during project creation or when editing the project's settings.
Once a group has been linked to the project, any of the access settings applied to the group members will become available. This can be managed via the group settings.
In the example below, if the Globex Corp. group was linked to the project - the following access will become available:
Project Manager - will gain Edit access to the project
Joe Pentester - will gain Upload access to the project
Client User - will gain View access to the project
Account Manager - will not receive access to the project via this group
Member Admins are users or groups who have been delegated privileges on this project to be able to manage the project team.
This can help to:
Empower customers and engineering teams to provide access to the project and vulnerabilities on a needs basis.
Delegate project team management to persons better suited for the role.
Save time and effort on project team management.
When assigning a user or a group as a member admin on the project, you can configure the following:
Access Level Limit: Set the highest level of access the user or group is allowed to assign to project team members.
Add User Method: Configure how project team members can be added - either by selecting an existing user from a drop-down list, or by entering in an email address.
Allow User Invite: Allow user to invite new persons to your AttackForge tenant.
Member Admins will inherit View access to the project by default.