
System Management

System Management is intended only for users with the System administrator role (the permission to manage the system). By default, Nanitor creates a user account with the System administrator role. The username (email address) for this account is [email protected]. On self-hosted instances, the password for this account can be found by following this guide. For Cloud hosted solutions, you will need to create a support ticket to gain access to the System administrator's password.

Only System administrators have access to System Management. It can be accessed from the cog wheel in the top right.

System administration

System Management Settings

In this section, you can manage the settings that are common to all organizations for the Nanitor instance. This includes viewing and managing benchmarks, users, SAML identity providers, organizations, and agents. You can also create a new organization on this page.

  • System settings: Here you can set and configure the portal URLs and an email server. An email server is needed to send digest emails, scheduled reports and notifications.

Warning

For the Nanitor Cloud hosted solution, this is already preconfigured and these settings should not be changed unless instructed by the Nanitor support team.

  • Security Settings: This section allows System Administrators to configure system-wide security controls that apply across all organizations. Currently, this includes the global Force 2FA setting.

    Force Multi-Factor Authentication (MFA)

    When enabled, this setting requires all users who authenticate with local credentials (email and password) to configure two-factor authentication on their next login. Users who have not yet set up 2FA will be prompted to do so before they can access Nanitor.

    Security Settings page showing Force MFA toggle

    Key behaviors when Force MFA is enabled:

    • All local users must configure 2FA on next login if not already configured
    • SAML and domain-authenticated users are exempt (their identity provider handles MFA)
    • Users cannot disable 2FA in their Personal Settings while this setting is active
    • Only System Administrators can disable 2FA for individual users when this is enabled
    • The setting applies system-wide across all organizations and cannot be overridden by Organization Administrators

    Impact on Users

    Enabling this setting will interrupt the login flow for all local users without 2FA configured. They will be required to set up an authenticator app before proceeding. Plan accordingly and consider notifying users in advance.

    Activity Log

    Changes to this setting are logged in the Activity Log with the event type system_settings_changed. The event shows the admin who changed it, the old value, and the new value.

    For more information on two-factor authentication, see User Accounts > Two-Factor Authentication.

  • Benchmarks: This section displays all the benchmarks that are imported into the Nanitor instance and their information, such as name, CIS version, Nanitor revision, created at, and description.

  • Users: This section displays a list of all the users added to the Nanitor instance and allows you to add new users or edit their permissions.
  • SAML Identity Providers: This section allows you to add and download service provider metadata to set up the IDP for SAML.
  • Organizations: This section displays a list of organizations added in the instance. From here you can create a new organization by providing a new slug.
  • Agents: This section lists all the available agents that can be downloaded and installed for the instance.
  • Branding: For data exported to PDF (PDF reports), such as the Issues PDF report, this section allows you to set a custom logo and custom footer that are added to reports generated for all organizations. The logo file must be in PNG or JPG format and no larger than 3 MB.
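The Activity Log entry described under Security Settings can be used to measure how long Force MFA was switched off. The following is an added example, not Nanitor code: only the event type system_settings_changed comes from this page, while the JSON-lines export format, every field name, and the setting key force_2fa are assumptions, and the sample records are constructed.

```python
import json
from datetime import datetime

# Constructed sample export, one JSON object per line. Only the event type
# "system_settings_changed" comes from the documentation; every field name
# and the setting key "force_2fa" are assumptions for this example.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:00+00:00", "event_type": "system_settings_changed", "actor": "admin-a@example.test", "setting": "force_2fa", "old_value": false, "new_value": true}
{"ts": "2024-05-03T22:14:00+00:00", "event_type": "user_login", "actor": "user-b@example.test"}
{"ts": "2024-05-03T22:15:00+00:00", "event_type": "system_settings_changed", "actor": "admin-c@example.test", "setting": "force_2fa", "old_value": "true", "new_value": "false"}
not json at all
{"ts": "2024-05-04T07:45:00+00:00", "event_type": "system_settings_changed", "actor": "admin-a@example.test", "setting": "force_2fa", "old_value": false, "new_value": true}
{"ts": "2024-05-06T13:00:00+00:00", "event_type": "system_settings_changed", "actor": "admin-c@example.test", "setting": "portal_url", "old_value": "a", "new_value": "b"}
"""

def as_bool(value):
    """Normalise booleans that an export may render as strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1", "on", "enabled")

def mfa_enforcement_gaps(lines, setting_key="force_2fa"):
    """Return (gaps, skipped): windows with Force MFA off, and the count of unparsable lines."""
    changes, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if ev["event_type"] != "system_settings_changed" or ev.get("setting") != setting_key:
                continue
            changes.append((datetime.fromisoformat(ev["ts"]), ev["actor"],
                            as_bool(ev["old_value"]), as_bool(ev["new_value"])))
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count damaged records instead of silently dropping them
    gaps, open_gap = [], None
    for ts, actor, old, new in sorted(changes, key=lambda c: c[0]):
        if old and not new:  # enforcement switched off: a gap starts
            open_gap = {"disabled_at": ts, "disabled_by": actor,
                        "restored_at": None, "restored_by": None}
            gaps.append(open_gap)
        elif new and not old and open_gap is not None:  # switched back on: gap ends
            open_gap.update(restored_at=ts, restored_by=actor)
            open_gap = None
    return gaps, skipped

if __name__ == "__main__":
    for gap in mfa_enforcement_gaps(SAMPLE_LOG.splitlines())[0]:
        print(gap)
```

A gap whose restored_at is still None means enforcement is currently off, and local-credential logins during any gap are the ones worth reviewing.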

Common use cases

Frequent use cases related to system management include:

  • Creating organizations
  • Setting up external identity providers
  • Creating a system-wide user
  • Creating users for an organization
  • Configuring an email server
  • Configuring global security requirements