Groups

Overview

Groups can help you to more easily manage the following:

  • Users and SSO Groups

  • Customers and Teams

  • Access to Projects and Project Requests

  • Access to Assets

  • Access to Writeups

  • Access to Custom Fields

  • Access to Portfolios

  • Access to Reports

Groups include enterprise-level user administration, placing you in control of your data.

Group membership provides easy to manage access controls for your teams.

Creating A Group

You can create a group by clicking on New.

Auto Add Project Request

You can automatically assign Groups to Project Requests when they get created by group members.

This means any custom access controls you have created on the group will take effect immediately.

This makes it easy to have dedicated teams of people who can work together to view, edit and approve project requests - without the involvement of Administrators or Project Coordinators.

Project Team Notifications

This option will allow the group to be in scope for receiving project email notifications.

Whether a user receives the emails is still dependent on how the emails are configured on the project, and on the user's own personal email notification preferences.

Manage Group Membership via SSO Groups

You can link Identity Provider (IDP) or Active Directory (AD) Groups to AttackForge Groups.

This feature is available for Single Sign-On (SSO) enabled tenants to help automate provisioning and removal of users in AttackForge Groups and their related projects, based on the users' IDP/AD groups.

This feature can help to ensure that users accessing AttackForge receive sufficient access to projects based on the Enterprise's own access control groups, and that access to projects which they should not have is removed, upon each login.

This option is Disabled by default. It is enabled only on a group-by-group basis, when an IDP/AD group is linked to the AttackForge Group.

How it works:

  1. When creating a new group in AttackForge, or when editing an existing group, you can link one or more IDP/AD groups. This is an optional field.

  2. Once a group is linked, all group membership will be controlled via SSO.

If the user signing into AttackForge via SSO has IDP/AD groups returned in their SSO profile, the following checks will apply:

  • For each AttackForge Group with linked IDP/AD groups - check to see if any linked groups match any of the user's IDP/AD groups:

    • If match exists

      • If the user is not already a member of the group, add the user as a member to the group.

      • Assign the access level according to the mapping.

    • If no match exists

      • If the user is already a member of the group - remove their access to the group.
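The per-login checks above, worked through as an added example (not AttackForge's own code): the data structures, the per-IDP-group level mapping, and the rule that the highest mapped level wins when several linked groups match are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Project access levels named on this page, lowest to highest.
PROJECT_LEVELS = ("None", "View", "Upload", "Edit")

@dataclass
class AFGroup:
    """One AttackForge Group with its (optional) linked IDP/AD groups."""
    name: str
    linked_idp_groups: set            # empty set = membership managed manually
    level_map: dict                   # linked IDP/AD group -> level (assumed shape)
    members: dict = field(default_factory=dict)  # user -> project access level

def sync_user_on_login(user, idp_groups, af_groups):
    """Apply the per-login checks for one user; returns the actions taken."""
    actions = []
    if not idp_groups:
        return actions                # no groups in the SSO profile: checks skipped
    idp_groups = set(idp_groups)
    for g in af_groups:
        if not g.linked_idp_groups:
            continue                  # option disabled for this group
        matches = g.linked_idp_groups & idp_groups
        if matches:
            # Assumption: with several matches, the highest mapped level wins.
            level = max((g.level_map[m] for m in matches), key=PROJECT_LEVELS.index)
            if user not in g.members:
                actions.append(("add", g.name, user))
            g.members[user] = level
            actions.append(("assign", g.name, user, level))
        elif user in g.members:
            del g.members[user]       # no match: revoke group access
            actions.append(("remove", g.name, user))
    return actions

def demo():
    """Constructed sample data: alice moved from the legacy team to payments."""
    groups = [
        AFGroup("Payments", {"sec-payments"}, {"sec-payments": "Edit"}, {"bob": "View"}),
        AFGroup("Legacy", {"app-legacy"}, {"app-legacy": "View"}, {"alice": "Edit"}),
        AFGroup("Manual", set(), {}, {"alice": "View"}),   # not SSO-linked
    ]
    actions = sync_user_on_login("alice", ["sec-payments", "hr-all"], groups)
    return groups, actions

if __name__ == "__main__":
    for a in demo()[1]:
        print(a)
```

Note that the unlinked "Manual" group is untouched and bob's existing membership is not affected by alice's login; only groups with linked IDP/AD groups are reconciled, and only for the user signing in.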

After you create the group, you can then invite members to the group, assign Group Membership Administrators, and start linking the group to all related access control systems in AttackForge.

Group Overview

Group overview provides a single pane of glass view into your projects and vulnerabilities for the group.

You can also view the group's assets and attack chains, as well as view and manage group membership.

Group Membership Admins

You can delegate management of your groups to other users and groups.

This can help you to:

  • Empower customers and engineering teams to manage stakeholder access to relevant projects and project requests.

  • Delegate security teams to manage groups on an as-needed basis.

  • Reduce the burden on application administrators.

When assigning a user or a group to manage access to the group, you can configure the following:

  • Project Access Level Limit - Set the highest level of access the user or group is allowed to assign for access to the group's projects.

  • Project Request Access Level Limit - Set the highest level of access the user or group is allowed to assign for access to the group's project requests.

  • Add User Method - Configure how group members can be added - either by selecting an existing user from a drop-down list, or by entering an email address.

  • Allow User Invite - Allow the user to invite new people to your AttackForge tenant.

Group Membership Admins cannot see any projects, vulnerabilities, assets or attack chains associated with the group. They can only see the Group details, such as owner and primary contact, and also any current members on the group.

You can also allow the group membership admin to invite other users to your AttackForge tenant.

This makes it convenient to get the right people access quickly, without the need to involve application administrators.

This can help you to:

  • Empower customers to invite their engineering teams directly to the relevant projects or groups.

  • Delegate account managers to better manage their customer accounts.

  • Share vulnerability information faster, to help remediate vulnerabilities sooner.

Group Membership

Group membership helps to ensure the right people have the right access, in a way that is easy and convenient to manage.

You can access the group membership page by clicking on Members.

Here you can manage existing group members and invite a new member to the group.

When adding a new group member, you can do the following:

  • Pick the user from a drop-down list, or enter an email address (depending on your access)

  • Invite a new user to AttackForge and make them a group member (depending on your access)

  • Assign a Project Access Level - None, View, Upload or Edit. This will apply to all projects linked to the group.

  • Assign a Project Request Access Level - None, View, Edit or Action. This will apply to all project requests linked to the group.

For more information on Project Access Levels, check this link.

For more information on Project Request Access Levels, check this link.

Linking Groups

Projects

You can link groups to Projects.

Access to the project will be extended to the group members, based on each member's project access level.

Linking a group to a project will have the following effects:

  • Any Group Members will automatically receive access to the project, based on their access level defined in the Group settings.

  • Group Members will be able to filter Analytics based on the Group.

  • Group Members will see project-related data in their dashboards, including vulnerabilities.

Project Requests

You can link groups to Project Requests.

Access to the project requests will be extended to the group members, based on each member's project request access level.

Linking a group to a project request will have the following effects:

  • Any Group Members will automatically receive access to the project request, based on their access level defined in the Group settings.

Assets

You can link groups to Asset Libraries.

This can help to manage users' access to Assets, for example:

  • Allowing customers to see or modify their own assets

  • Allowing technology teams to see assets which belong to them

  • Allowing security teams to manage assets under their responsibility

Groups can be assigned to asset libraries within the Administration module.

Writeups

You can link groups to Writeups Libraries.

This can help to manage users' access to Writeups, for example:

  • Allowing technical writers to get access to writeups they manage

  • Allowing pentesters to view or make changes to writeups they are allowed to see or change

  • Allowing security teams to manage which writeups libraries can be accessed by internal and external teams

Groups can be assigned to writeups libraries within the Administration module.

Portfolios

You can link groups to Portfolios and Streams.

This can help to manage users' access to Portfolios and Streams, for example:

  • Allowing customers to see dashboards for their entire portfolio

  • Allowing customers to see dashboards for specific areas within their portfolios

  • Allowing teams to track and manage compliance better

Group members will only see data relevant to projects they have access to on the portfolio and/or stream.

Groups can be assigned to portfolios and streams within the Portfolio settings.

Custom Fields

You can link groups to Custom Fields.

This can help to manage users' access to data points within AttackForge, for example:

  • Allowing customers to see particular project and vulnerability data that only relates to them

  • Allowing Red Teams and Blue Teams to access but not change each other's data when collaborating on Purple Team assessments

  • Allowing security teams to configure and use data on a need-to-know basis

Group members will only see, or have the ability to modify, custom fields relevant to their access settings.

Groups can be assigned to custom fields within the custom field settings.

Reports

You can link groups to Reports.

This can help to manage users' access to the reports they can download within AttackForge, for example:

  • Allowing customers to see particular reports that relate only to them

  • Creating reports for auditors, which only auditors can access

  • Allowing security teams to create reports which are need-to-know for the security team only

Group members will only see reports relevant to their access settings.

Groups can be assigned to reports within the Report Templates module.

Check YouTube for more tutorials: https://youtube.com/@attackforge