User Management
User management is an important part of Nanitor, as it controls access to an organization's data and what users are permitted to do within Nanitor. To manage access to Nanitor, multiple user roles are available. It is important to understand the permissions included in each role so that users can view only the data they are meant to see and perform only the actions they are meant to perform.
User roles
Nanitor operates on a hierarchy of user roles. They are as follows:
- System administrators have system-wide access, which includes unrestricted access to all organizations in this Nanitor instance. Only system administrators can create other system administrators, and only system administrators can add users to organizations they are not themselves a part of.
- Organization administrators can manage organization-wide settings such as enabling and disabling features, creating API keys and setting organization policy. They are also able to add users to the organization they administer as well as view and manage all data and technical policies within their organization.
- Project managers can manage issues, assets, projects and benchmarks within an organization, allowing them to set technical policy, adjust priority ratings, create issue exceptions, and organize issues into projects. They can also view all relevant data throughout the organization.
- Team members can view all relevant data for an organization as well as being able to leave comments on issues, assets and projects, but have no edit access.
- Auditors have read-only access to the organization's data.
User Profile
A user account serves as your identity when accessing Nanitor. It consists of your email, password, and any relevant user information. You can access your user account and profile settings by clicking on your profile image located in the upper right corner, as illustrated here:
The user profile settings can be found on the left side, where you can change your full name details and password, upload a profile picture and enable MFA. The e-mail address cannot be changed. The name is editable for local user accounts, whereas for externally authenticated users, it is inherited and is not editable in Nanitor.
Password
To change your password, click on Password in the left menu:
Note
If users are using external authentication, then password authentication is not relevant.
Password policy
To ensure the security of your Nanitor account, please note the following password policy:
- Passwords must have at least 10 characters
- Passwords must include at least one symbol
- Passwords must include at least one digit
- Passwords must include at least one uppercase letter and one lowercase letter
- Passwords cannot be part of the user's email address
When changing the password, the new password must be confirmed by typing it again in the "Confirm new password" field.
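The password rules above, expressed as a checker that reports every rule a candidate password breaks. This is an added example, not Nanitor's own validation code; it assumes "cannot be part of the user's email address" means the password must not appear anywhere inside the e-mail address (compared case-insensitively), and treats any ASCII punctuation character as a symbol.

```python
import string

MIN_LENGTH = 10
SYMBOLS = set(string.punctuation)  # assumption: any ASCII punctuation counts as a symbol


def password_policy_violations(password: str, email: str) -> list[str]:
    """Return the policy rules the candidate password breaks (empty list = compliant)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"at least {MIN_LENGTH} characters")
    if not any(c in SYMBOLS for c in password):
        violations.append("at least one symbol")
    if not any(c.isdigit() for c in password):
        violations.append("at least one digit")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        violations.append("at least one uppercase and one lowercase letter")
    # Assumed reading of "cannot be part of the user's email address":
    # the password must not occur as a substring of the e-mail, case-insensitively.
    if password and password.lower() in email.lower():
        violations.append("must not be part of the e-mail address")
    return violations


def is_policy_compliant(password: str, email: str) -> bool:
    """True when the candidate password satisfies every rule of the policy."""
    return not password_policy_violations(password, email)


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    user_email = "alice.smith@example.com"
    for candidate in ("Tr0ub4dor&3xyz", "short1!A", "alice.smith"):
        print(candidate, "->", password_policy_violations(candidate, user_email) or "OK")
```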
Two-factor authentication
Two-factor authentication (2FA) enhances account security by requiring users to enter a time-based code from an authenticator app, in addition to their password, when signing in.
As Nanitor safeguards crucial information about your organization's assets and security, we highly recommend enabling two-factor authentication to bolster your account's protection.
Two-factor authentication can be enabled by clicking on 2 factor authentication on the left.
This brings up the "Two-factor authentication" page as shown below. By default, it is not enabled.
To turn on 2FA for your account you simply check the box "Enable two-factor authentication". This generates a QR code that you need to scan in your authenticator application.
Nanitor uses the widely adopted Time-based One-Time Password (TOTP) algorithm, defined in RFC 6238, for its second-factor codes. Following this standard ensures broad compatibility and interoperability with numerous services and applications: TOTP works with most authenticator apps, including Google Authenticator, Microsoft Authenticator, 1Password, etc.
Once you have scanned the QR code, enter the TOTP code shown in the authenticator and click Save. This completes the setup, and the next time you log into Nanitor it will require a TOTP code from your authenticator.
Organization selection
Organizations are a core element of the Nanitor vulnerability management solution. In Nanitor, an organization represents a customer account that has subscribed to the Nanitor service. The customer's administrators manage the organization, define roles and permissions for users, and add assets to monitor. Nanitor's multi-tenant architecture allows users to belong to multiple organizations within the same instance, providing flexibility and convenience. The organization selection allows users to switch organizations if they belong to multiple organizations.
To view the organizations you have access to, you can click on the cog wheel in the top right corner.
For users belonging to several organizations, the Overview dashboard opens on login and remains accessible afterwards from the Dashboards menu. The user can switch to the required organization by clicking the corresponding organization hyperlink on any widget there.
Logout
To log out of Nanitor, click your user account profile image on the top right.