Groups

Overview

Groups helps you manage your clients, projects and teams.

Groups allows you to track and manage projects and vulnerabilities by customers, business units, technology & engineering teams, third parties including vendors, and more.

You can view security posture for a given business unit, division, subsidiary, 3rd party, or team – know which areas in your organisation are doing well or need improvement.

Groups includes Enterprise-level user administration, placing you in control of your projects, vulnerabilities, users and data. Group membership provides easy-to-manage access controls for your teams.

Only Administrators can view the Groups module and manage groups.

Creating A Group

You can create a group by clicking the New button.

After you create the group, you can then view the group dashboard; invite members to the group; and start linking the group to projects.

Group Dashboard

The group dashboard provides a single-pane-of-glass view into your projects and vulnerabilities for the group.

You can also view the group's assets and attack chains, as well as view and manage group membership.

Group Membership

Group membership helps to ensure the right people have the right access to projects, automatically. You can access the group membership page by clicking on Members.

Here you can manage existing group members; invite a new member to the group; and see a list of users with access to any of the group's projects.

When you invite a new member to the group, you can set a default access level they will receive on any of the group's linked projects. Access to the projects will apply immediately. You can update this at any time and it will apply across all projects linked to the group.

You can remove a member from a group at any time.

Linking Projects to a Group

You can link one or more groups to a project. Groups may be used in ways including, but not limited to, the following:

  • Link a Customer to their project

  • Link a Customer's 3rd party to the project (for example development agency)

  • Link a Customer and their related organizational sub-units to the project

  • Link a Platform / Technology to a project

  • Link a Functional Team to the project

  • Link a Security Team to the project

Linking a group will have the following effects:

  • Any Group Members will automatically receive access to the project, based on their access level defined in the Group settings.

  • Group Members will be able to filter Analytics based on the Group.

  • Group Members will see project-related data in their dashboards, vulnerabilities and projects modules.

IMPORTANT: Group members do not receive access to project-related emails by default. You need to enable this option in the group settings.

Linking Identity Provider / Active Directory Groups

Administrators can link Identity Provider (IDP) or Active Directory (AD) groups to AttackForge Groups.

This feature is available for Single-Sign-On (SSO) enabled tenants to help automate adding users to, and removing users from, AttackForge Groups and their related projects, based on the users' IDP/AD groups.

This feature can help to ensure that users accessing AttackForge receive sufficient access to projects based on the Enterprise's own access control groups, and lose access to projects to which they should not have access.

This option is Disabled by default. It is only enabled, on an AttackForge Group-by-Group basis, when an IDP/AD group is linked to the AttackForge Group.

How it works:

1. When creating a new group in AttackForge, or when editing an existing group, Administrators can choose to link one or more IDP/AD groups. This is an optional field.

2. Once a group is linked, group membership will be controlled via SSO.

If the user signing into AttackForge via SSO has IDP/AD groups returned in their SSO profile, the following checks will apply:

For each AttackForge Group with linked IDP/AD groups, check to see if any linked groups match any of the user's IDP/AD groups:

  • If Match exists

    • If the user is not already a member of the group, add the user as a member to the group with access level according to the mapping, and provide this level of access to all of the group's projects.

  • If No Match Exists

    • If the user is already a member of the group, remove their access to the group and to the group's projects.
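
The checks above can be modelled offline to preview what a given SSO login would change before linking an IDP/AD group. This is an added example, not AttackForge code: the `Group` class, `sync_on_sso_login`, the group names, the access level values and the "first linked match wins" rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    # Linked IDP/AD group -> access level granted on a match (assumed mapping shape).
    linked: dict = field(default_factory=dict)
    # Current members: user -> access level on the group's projects.
    members: dict = field(default_factory=dict)

def sync_on_sso_login(user, idp_groups, groups):
    """Apply the membership checks for one SSO login and return the changes made."""
    changes = []
    # The checks apply only when the SSO profile returned IDP/AD groups.
    if not idp_groups:
        return changes
    claimed = set(idp_groups)
    for g in groups:
        if not g.linked:
            continue  # nothing linked: the feature is off for this group
        matches = [n for n in g.linked if n in claimed]
        if matches:
            # An existing member is left untouched; only non-members are added.
            if user not in g.members:
                level = g.linked[matches[0]]  # assumption: first linked match wins
                g.members[user] = level
                changes.append(("add", g.name, level))
        elif user in g.members:
            del g.members[user]  # also ends access to the group's projects
            changes.append(("remove", g.name, None))
    return changes

def demo():
    # Constructed sample data: group names, IDP groups and levels are made up.
    groups = [
        Group("Payments BU", {"idp-payments-dev": "view", "idp-payments-sec": "edit"}),
        Group("Vendor X", {"idp-vendor-x": "view"}, {"alice": "view"}),
        Group("Manual Team", {}, {"alice": "edit"}),  # no linked IDP/AD group
    ]
    claims = ["idp-payments-sec", "idp-hr"]
    first = sync_on_sso_login("alice", claims, groups)
    second = sync_on_sso_login("alice", claims, groups)  # same login again
    third = sync_on_sso_login("alice", [], groups)       # no groups in profile
    return first, second, third, groups

if __name__ == "__main__":
    for step in demo()[:3]:
        print(step)
```

Note the removal branch: once an IDP/AD group is linked, a manually invited member whose SSO profile returns groups but none that match is removed at their next sign-in.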

Check YouTube for more tutorials: https://youtube.com/@attackforge