An audit log records events or activities within PlexTrac. Its primary purpose is to provide a chronological and detailed account of actions taken by users and processes, along with relevant information such as timestamps, user IDs, and specific event details.

The audit log is found under the Audit log button of the Admin Dashboard under "Security & User Management."

Actions Recorded

The following key actions are recorded in the audit log:

• Logins (successful, failed, lockouts, etc.)

• Password changes

• User creation/deletion/updates

• RBAC changes (e.g., a user is assigned to a client)

The audit log displays events for 120 days, updating on the first day of each month.

Using the Audit Log

The page defaults to the most recent events and lists the user, event, and time of the action. Use the filters above to narrow the dates of the events or search for a specific event.

For example, to find users who changed their password in the past month, click the box for "Start date" and select the past 30 days, then type "password" into the search box.

The list of events presented on the page dynamically updates.

In Security, admins can manage authentication methods, configure MFA, authorize users for specific roles, and create classification tiers to enforce additional layers of access to reports.

The Security section contains the following sections:

In Security & User Management, admins manage authentication, multi-factor prompts, user groups, access permissions, report access, and user account settings.

Security & User Management contains the following sections:

OAuth (Open Authorization) is a standard token-based authorization framework. OAuth enables account information to be used by a third party without exposing the user's account credentials to the third party.

It provides the third-party service with an access token that authorizes the sharing of specific account information.

OpenID Connect is an identity layer built on the OAuth 2.0 protocol that permits a third-party application to obtain a user's identity information managed by a service. This functionality makes it easier for developers to authenticate users.

Clicking the card below will open further documentation for integrating PlexTrac with the following OAuth/OpenID solutions.

Additional Resources

Community Forums

Tutorials and Guides

The General Authentication Settings page is used to turn on or off the settings that require Multi-factor Authentication for all users.

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service that enables employees to access external resources.

OAuth operates through a token-based authentication system, allowing users to authorize access to Microsoft Entra ID resources without sharing credentials. The user logs in to their Microsoft Entra ID account and grants permission to a third-party application to access specific resources using an access token. Subsequently, the application utilizes this token to access the authorized resources on behalf of the user, eliminating the need for the user to re-enter their login credentials.

Configuring Microsoft Entra ID

Step 1: Log in at .

Step 2: Click Microsoft Entra ID under the "Azure services" section.

Step 3: From the Overview tab, copy the Tenant ID value and save it for later.

Step 4: Click App registrations under "Manage" on the left menu bar.

Step 5: Click New Registration.

Step 6: Provide the following information:

• Name: The user-facing display name for this application (this can be changed later)

• Supported account type: "Accounts in this organizational directory only" is the most restrictive

• Redirect URI: Choose "Web" from the pulldown menu, then enter the value composed of domain name + "/api/v2/authenticate/azure"

Step 7: Click Register at the bottom of the page.

Step 8: Copy the value for the Application (client) ID and save it for use later.

Step 9: Click Certificates and Secrets under "Manage" on the left menu bar.

Step 10: Click New client secret.

Step 11: Enter a value for Description and select the desired expiration date. Click Add.

Step 12: A new secret appears on the page under the Client Secrets tab. Copy the value for use later.

Step 13: Click Token Configuration from the left menu bar.

Step 14: Click Add optional claim.

Step 15: Choose "ID" for the Token type, then select "email" from the list of options that appears after clicking "ID." Click Add.

Step 16: Navigate back to the Microsoft Entra ID home page (see Step 2) and click Users from the left nav bar.

Step 17: Validate that the desired users exist in the list. Add new users as needed.

Step 18: Log in to PlexTrac as an admin.

Step 19: Navigate to the Admin Dashboard. Click Security under "Security & User Management."

Step 20: Click Authentication Methods under "Authentication."

Step 21: From the OAuth Providers tab, select "Azure" from the dropdown menu "Authentication Providers."

Step 22: Enter the appropriate values for the following fields:

• Provider Tenant ID: Enter the "Directory (tenant) ID" value copied in Step 3.

• Identifier: Enter the "Application (client) ID" value copied in Step 8.

• Secret: Enter the secret value copied in Step 14.

Step 23: Toggle on the Enabled button. Click Save.

Step 24: Return to "Security & User Management" and click Users.

Step 25: Under the column header "Authentication Provider," select the desired user and change the value to "Azure."

The Authorization button under "Security" in the Admin Dashboard allows user group membership and roles to be managed.

This page lists all users (first and last name), email/username, role, classification level, and if they belong to the default group.

Users in the list can be found via search, filtered by client, or sorted by first name, last name, or email/username.

Default Group

The Default Group is the collection of users granted access to all clients by default. Adding users to this group automatically grants them access to all existing and new clients as they are created.

Adding Users to a Client

Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.

Step 2: A new button for adding users appears. Click Add/Authorize User.

Step 3: Select the user from the "User" pulldown menu or begin typing to filter the provided list.

Step 4: Assign the appropriate role from the "Role" pulldown menu, and, if applicable, assign a classification level.

Repeat as needed by clicking Add User.

Step 4: Click Save.

Managing Roles

Roles can also be managed directly from the Authorization page.

Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.

Step 2: Click the pulldown menu under the "Role" column for the user to be changed and select the new role.

Classification Level

If not enabled, the column will not appear.

The Role Based Access (RBAC) button under "Security" in the Admin Dashboard gives administrators granular control over permissions within PlexTrac, such as actions allowed for a specific user, permissions for customers, access to client data, and report access that restricts viewing sensitive data.

PlexTrac applies roles that consider the tenant (instance) and client. This enables teams to grant users the privileges required to accomplish tasks for specific clients.

A user’s tenant role governs what portions of the platform they can access, including the modules, tools, and UI elements presented for use. A user’s permissions can be further scoped in the context of individual clients. Users must have a role in the context of each client.

PlexTrac has three default roles: Administrator, Standard User, and Analyst.

Licensed Permissions

An icon within the RBAC list identifies permissions that require a license.

For a tenancy, a license can be in different states:

1. A valid key: In this scenario, no banner message will appear.

2. An invalid license key: In this scenario, a banner appears (when adding users or viewing a role within the Admin Dashboard), and the admin needs to contact licensing@plextrac.com.
3. More licenses needed: This scenario applies to situations where the number of licenses remaining is three or fewer, and the admin should contact licensing@plextrac.com. A banner appears when adding users or viewing a role within the Admin Dashboard.
4. No license key: This scenario could apply to a new instance, and the admin needs to contact licensing@plextrac.com. No banner message is provided.

Tenant Permissions

Platform-wide permissions include access to specific modules (WriteupsDB, Assessments, etc.), the Account Admin section, platform settings, and user management. These permissions are specific to platform access and assigned in the Role Based Access area of the Admin Dashboard.

Within a tenancy, the following business rules apply:

• Administrator: A tenant administrator can access all tools, modules, and UI elements on the platform (all aspects of the Admin Dashboard).

• Standard User: A standard user can access all modules and UI elements outside the Admin Dashboard.

• Analyst: An analyst user cannot access the Content Library or Runbooks modules. Additionally, most UI elements that provide create or edit capabilities are unavailable.

Administrator

Admin user permissions can be viewed by clicking the Administrator box on the Security: Role Based Access page.

An administrator is PlexTrac's highest permission role, and admins have complete control and access over every application part.

Standard User

Click the Standard User box on the Security: Role Based Access page to view standard user permissions.

Analyst User

Analyst user permissions can be viewed by clicking the Analyst box on the Security: Role Based Access page.

Client Permissions

The role assigned to a user at the client level sets the client, reports, and findings permissions for that client.

In the context of a client, the following business rules apply:

• Administrator: A client administrator can edit any data associated with the client, such as the client record, assets, and reports, and manage access of client users.

• Standard User: A standard user can edit any data associated with the client, such as the client record, assets and reports.

• Analyst: An analyst user can view client assets and related data, reports in published status, upload and delete artifacts in reports, and change the remediation status of findings.

OAuth and SAML are protocols in identity and access management. OAuth is used for authorization, allowing third-party apps to access user resources securely. SAML is designed for authentication and single sign-on, facilitating user identity data exchange. OAuth is common in consumer and enterprise apps, while SAML is often used in government and enterprise environments. Both protocols can be used together for a comprehensive authentication and authorization solution.

PlexTrac supports multiple authentication methods for single-sign-on (SSO):

• OAuth: OAuth is an open standard for authorization that grants access via access tokens. OAuth authorizes an application to access your data without giving it access to your credentials.

• OpenID: OpenID Connect provides an authentication layer on top of OAuth 2.0. It addresses the lack of an authentication mechanism in OAuth and is thus a more secure solution.

• SAML: Security Assertion Markup Language (SAML) is an open standard that attempts to bridge the divide between authentication and authorization.

OAuth is used in access authorization, while SAML and OpenID Connect are used in user authentication.

Requirements

Users need an account with PlexTrac before being authorized to use an alternative sign-on method. The users' email in PlexTrac must be identical to the email address used to authenticate through the third-party tool.

Configuration Instructions

OpenID is a decentralized authentication protocol allowing users to authenticate with multiple websites using a single login credentials. It enables users to create a single digital identity that can be used across different websites and services without creating a new account or remembering multiple usernames and passwords.

OpenID provides users with an OpenID URL, a unique identifier for their digital identity. When users log in, they are redirected to their OpenID provider's website to authenticate themselves. Once established, the OpenID provider sends a token back to the website, verifying the user's identity and allowing them to access the site.

OpenID is an open standard. It is supported by many websites and services and designed to be interoperable with other authentication protocols like OAuth.

Configuring OpenID

Step 1: Log in to PlexTrac as an admin.

Step 2: Navigate to the Account Admin page. Click Security under "Security & User Management."

Step 3: Click Authentication Methods under "Authentication."

Step 4: From the OAuth Providers tab, select "OpenID Connect" from the dropdown menu under "Authentication Providers."

Step 5: Enter values for the following:

• .well-known Configuration: The URL to the provider's .well-known configuration. The ".well-known" directory is a standardized way for web applications and services to expose metadata about themselves. One of the most commonly used files in the .well-known directory is the "openid-configuration" file, which provides metadata about the OpenID Connect provider used by the web application. The file specifies the authorization and token endpoints, the supported scopes and claims, and the public keys used to sign and verify ID tokens.

• Identifier: The identifier provided by the IDP.

• Secret: The secret value provided by the IDP.

PlexTrac requests to the provided .well-known Configuration’s authorization endpoint with the following query string parameters:

• client_id

• redirect_uri

• response_type=code

• scope=openid email

• state

Step 6: Toggle on the Enabled button. Click Save.

Step 7: Return to "Security & User Management" and click Users.

Step 8: Under the column header "Authentication Provider," select the desired user and change the value to "OpenID Connect."

Users can be added using PlexTrac or by uploading a CSV file template.

Adding Users

Step 1: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.

Step 2: Enter the user's email, first name, last name, role, authentication provider, and classification tier (if applicable).

Step 3: Click the check box to identify if the user should belong to the Default Group.

Step 4: Click New user to repeat the process and add more users.

Step 5: When finished, validate whether an email link should be sent to all newly created users to set their password (the default option is to send the email).

Step 6: Click Save.

A message will appear confirming the addition, and the new user will appear on the Users page.

Adding Users via CSV

Users can be created in bulk using a CSV template, which can be found on the Add New Users page after clicking Add Users.

The CSV file has five fields to collect user information to be imported:

Importing the CSV Template

Step 1: Download the file, delete the sample values, and enter the user information to import.

Step 2: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.

Step 3: Click Import from CSV.

Step 4: A window opens to select the CSV file from the computer. Select the file to import.

Step 5: The information in the CSV file is imported for review.

Step 6 (optional): No changes are needed if standard roles were used. If a custom role was assigned to an imported user, manually select it by clicking the "Role" pulldown menu for the impacted user and selecting the desired custom role value.

Step 7: Click Save.

A message will appear confirming users were added.

Administrators can tailor roles and permissions within the PlexTrac platform according to their specific requirements. This customization allows for efficient management of user access and privileges, ensuring a secure and organized environment.

When creating custom roles, PlexTrac provides the following recommendations:

• Create a role without any permissions to assign unused or intermittent access users. By implementing this practice, administrators can prevent unnecessary access to sensitive information or critical functionalities, mitigating potential risks of granting unnecessary permissions.

• Use the Principle of Least Privilege when assessing role permissions. This principle advocates granting users the minimum access required to perform their designated tasks effectively. By adhering to this principle, administrators can significantly reduce the attack surface and the potential impact of security breaches, enhancing the overall security posture of the system.

• Conduct periodic user and role audits for an accurate user access posture. Regular user and role audits are essential to maintaining a secure user access environment. Periodic audits allow administrators to review and verify the permissions assigned to each user, ensuring that access rights align with individuals' current roles and responsibilities. This process helps identify deviations or discrepancies, providing the user access posture remains accurate and up-to-date.

When assigning roles to a user, giving each role a unique name is essential. Although PlexTrac generates a unique ID for each role in the backend, the user interface may display seemingly identical values, leading to confusion, as shown below.

Creating a Custom Role

Step 1: From the Role Based Access page under "Security" in the Admin Dashboard, click Create Role.

Step 2: Enter the fields provided on the page. Role Name and Role Description are required.

1. Templates as Baseline: Select the desired baseline template from the drop-down menu when creating a new role.

2. Role Name: This required field is the role's name and will appear on the Role Based Access page.

3. Enabled: This feature displays if the role is activated and provides a simple way to disable access temporarily.

4. Description: A brief description of the role (required).

5. Users Assigned: Place the cursor in the box and type a user to find and associate users to this role. If a user already belongs to another role, additional screens will appear to disable the previous role or inherit an additional role to existing permissions.

6. User List: Assigned users will appear in a list under the User Assigned box. They can be deleted by hovering over the name with the cursor and clicking the red trash can icon.

Step 3: Scroll down the page to select/deselect permissions for the role by clicking the provided tasks to define permissions. A purple button means permission has been given for the role, while a grey button means no permission has been enabled. Clicking a purple button again greys it out and disables authorization.

In this example, all permissions except the ability to manage style guides and access to the admin dashboard where the style guides are managed were removed.

Step 4: Click Save.

A summary page appears to review the list of users and permissions. Click Edit to adjust.

The new role is listed, along with the number of users assigned and configured permissions.

The Classification Tiers button under "Security" in the Admin Dashboard is where the functionality for classification tiers is turned on or off.

Overview

Classification tiers enable control for specific users to view and modify particular reports for a specific client. For example, most users may have access to a client and most reports, but a few users may require a higher classification tier to work on a report with more sensitive data.

Once turned on, PlexTrac provides three tiers by default (Tier 1, Tier 2, and Tier 3). The higher the classification level, the more restrictive it is (i.e., Tier 1 is the lowest). For example, everyone in Tier 2 has access to Tier 1, but Tier 2 users do not have access to Tier 3 reports.

Once enabled by toggling on, the default classification tier values and descriptions can be edited, and new ones can be created and managed.

Creating a Classification Tier

Step 1: After enabling classification tiers, click Create Classification.

Step 2: Enter a classification tier name and description in the provided boxes. If ready to implement, toggle on the "Enabled" button.

Step 3: Click Save.

A message will appear briefly confirming the addition of the new tier, and it will appear on the list at the top of the list by default as the most restrictive.

Step 4: If the new value's default placement at the top is inaccurate and needs adjustment, select and move the value's bar on the page to reflect its appropriate classification level in the existing tier structure.

Once a row is moved, the tiers dynamically reorder and display their new classification level (the bottom of the list will always be the least restrictive Level 1).

Step 5: Exit this page by clicking the breadcrumb Admin Dashboard.

Step 6: Click Security under "Security & User Management."

Step 7: Click Authorization.

Step 8: Select the desired client from the "Client" pulldown menu.

Step 9: Identify the user to configure, click the pulldown menu of the column "Classification Level," and select the appropriate value.

Step 10: Click the Reports module, select a report, and click the Details tab.

Step 11: Click the pulldown menu of "Report Classification" and select the appropriate tier value. Click Save.

Editing a Classification Tier

Step 1: From the Classification Tiers page, click the value to edit.

Step 2: Make any edits and click Update Classification.

Disabling a Tier

Classification tiers cannot be deleted. This is to protect against existing protected reports being unintentionally exposed. If a specific tier is no longer needed, however, it can be disabled (if to be used again in the future) or edited to reflect a new tier classification.

To disable the value from appearing as an option elsewhere in PlexTrac, toggle off the "Enabled" button and click Update Classification.

Existing users can be managed via bulk action or by editing individually.

Editing Users

Step 1: From the Users page of the Admin Dashboard, under "Security & User Management," click Edit under the "Actions" menu of the user to manage or click the row of the user within the table.

Step 2: On the Details tab, you can edit your first and last name and the authentication provider. Additional options exist to reset the password and disable or delete the user. Depending on the user's status, additional options are provided.

Click Save if editing the user name. All other changes are done dynamically.

Step 2: Client access can be modified on the Authorization tab. Use the filters to narrow the list of clients displayed.

Using Actions Menu

Additional options to manage a user within the table can be found by clicking the three dots under the "Actions" menu in the user's row to edit. Some options may not appear if the use case does not apply to the user.

Using Bulk Actions

Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the finding row or by clicking the box next to the column header. Some options may not appear if the use case does not apply to a current user status.

SAML stands for Security Assertion Markup Language. It is an XML-based standard for exchanging authentication and authorization data between parties, particularly between an identity provider (IdP) and a service provider (SP).

SAML enables single sign-on (SSO) by allowing users to authenticate themselves once and access multiple services without the need to log in again for each one. SAML achieves this by exchanging digitally signed XML documents, called SAML assertions, between the IdP and SP.

When a user tries to access a resource on a service provider, the SP redirects the user to the identity provider for authentication. The IdP then verifies the user's identity and generates a SAML assertion that includes information about the user's identity and attributes. The IdP signs the assertion using its private key to ensure its authenticity and sends it back to the SP. The SP then verifies the signature using the IdP's public key and grants access to the requested resource.

Plextrac allows any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and managed per user. For example, one user could log in with Google while another uses Okta.

Requirements

SAML requires the following environment variables to be set in the PlexTrac Docker:

• PROVIDER_CODE_KEY: A secure signing key set by default in the latest version.

• CLIENT_DOMAIN_NAME: The hosting domain name, such as app.plextrac.com. Do not include HTTP(s)://.

PROVIDER_CODE_KEY is an environment variable that acts as a secure signing key. It is used in the SAML configuration within PlexTrac to facilitate secure communication between the identity provider (IdP) and PlexTrac. This key ensures that the SAML assertions exchanged during the authentication process are signed and can be trusted.

When setting up SAML for PlexTrac, the PROVIDER_CODE_KEY must be set to a secure value in the Docker compose file for the PlexTrac instance.

Configuring SAML

Step 1: From the Admin Dashboard, click Security and then Authentication Methods.

Step 2: Click the SAML Providers tab.

Step 3: Click Create New SAML Provider.

Step 4: Enter the information obtained through the provider setup in the appropriate fields.

1. Provider Name: Identifies the service provider used, such as Okta. This entity acts as an identity or service provider within the SAML authentication and authorization framework.

2. Allow IDP Initiated SSO: Identifies if a user can initiate SSO with the provider first without visiting PlexTrac. This is an authentication process in which the user's interaction begins with the identity provider rather than the service provider.

3. Identity Provider Single Sign-On URL: Identifies the specific endpoint provided by the IdP to initiate the SAML authentication process during SSO. When users attempt to access a service provider application, they are redirected to the IdP SSO URL to authenticate themselves.

4. Provider Issuer URL: Identifies the provider. The IdP uses the service provider's Issuer URL/entity ID to determine which metadata and configurations to use when processing authentication requests.

   The Issuer URL is typically a URL or a URN (Uniform Resource Name) that uniquely identifies the SAML entity, such as:

   • https://karbo.okta.com/example

   • http://www.okta.com/example

   • urn:amazon:webservices

   • urn:federation:MicrosoftOnline

5. X.509 Certificate: The location to paste the certificate. An X.509 certificate is a digital document adhering to the X.509 standard, which governs the structure of public key certificates. X.509 certificates validate identities, ensuring secure communication via encryption.

6. Enabled: A toggle to turn the SAML configuration on or off.

Step 5: Click Create when finished.

The new setup is listed on the SAML Providers tab.

Allowing IDP Initiated SSO

Step 1: Toggle “Allow IDP Initiated SSO.”

Step 2: Enter the identity provider origin URL.

Step 3: Toggle on “JIT User Provisioning.”

Step 4: Select the desired default role for newly created users, the default classification level (if applicable), and if any users provisioned via this SAML Provider are assigned to the Default Group.

Step 5: Click Save (if updating an existing configuration) or Create when finished.

Google OAuth (Open Authorization) is a secure authorization protocol that allows users to grant third-party applications access to their Google accounts without sharing their usernames and passwords. It is a standard authentication mechanism used by Google to provide secure, delegated access to resources on its platform, including Google Drive, Gmail, Google Calendar, and other services.

OAuth provides a token-based authentication system where users can grant access to their account data without disclosing their credentials to that service. The user first logs in to their Google account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.

Configuring Google OAuth

Step 1: Log into the APIs & Services page on the Google Cloud platform:

Step 2: Click the project pulldown menu.

Step 3: Click NEW PROJECT.

Step 4: Enter a project name and click Create.

Step 5: Click the OAuth consent screen in the left nav bar.

Step 6: Validate that the user type is "internal" and click EDIT APP.

Step 7: Enter a value for the App name, select a value for the User Support email from the pulldown menu, and enter an email address for the Developer contact information. Click SAVE AND CONTINUE.

Step 8: Click ADD OR REMOVE SCOPES.

Step 9: Add the following scopes: email, profile, and openid. Click Update.

Step 10: Click Credentials from the left main menu.

Step 11: Click CREATE CREDENTIALS and then select OAuth client ID.

Step 12: Select Web application as the Application Type.

Step 13: Click ADD URI under the "Authorized JavaScript origins" header and enter the PlexTrac UI URL (i.e., http://app.plextrac.com).

Step 14: Click ADD URI from "Authorized redirect URIs," insert the PlexTrac URL, and add "/api/v2/authenticate/google" at the end of the url used in Step 10. Click CREATE.

Step 15: Copy the values provided for Your Client ID and Your Client Secret. Click Ok.

Step 16: Log in to PlexTrac as an admin.

Step 17: Navigate to the Account Admin page. Click Security under "Security & User Management."

Step 18: Click Authentication Methods under "Authentication."

Step 19: From the OAuth Providers tab, select "Google" from the dropdown menu under "Authentication Providers.

Step 20: For the Provider URL, enter https://accounts.google.com. Enter the Client ID value into the "Identifier" field and the Client Secret value obtained earlier from previous steps into the "Secret" field. Toggle on the Enabled button. Click Save.

Step 21: Return to "Security & User Management" and click Users.

Step 22: Under the column header "Authentication Provider," select the desired user and change the value to "Google."

Okta OAuth is a secure authorization protocol that Okta, a cloud-based identity and access management service, allows users to grant third-party applications access to their Okta resources without sharing their username and password.

OAuth provides a token-based authentication system where users can grant access to their Okta resources without disclosing their credentials to that service. The user first logs in to their Okta account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.

Configuring Okta

Step 1: Log in to Okta.

Step 2: Click Applications in the admin panel.

Step 3: Click Add Application.

Step 4: Click Create New App and fill out the form. For Platform, choose "Web." For the Sign-on method, select "OpenID Connect." Click Create.

Step 5: Enter a value for the Application name and add {{ your_domain }}/api/v2/authenticate/okta to Login redirect URIs. Click Save.

Step 6: On the next page, copy values for Client ID and Client secret for later use.

Step 7: Click the Sign On tab, copy the value for Issuer, and save for later. This will be later used in PlexTrac as the Provider URL.

Step 8: Log in to PlexTrac as an admin.

Step 9: Navigate to the Account Admin page. Click Security under "Security & User Management."

Step 10: Click Authentication Methods under "Authentication."

Step 11: From the OAuth Providers tab, elect "Okta" from the dropdown menu under "Authentication Providers."

Step 12: Enter values for the fields Provider URL, Identifier, and Secret obtained from earlier steps.

Step 13: Toggle on the Enabled button. Click Save.

Step 14: Return to "Security & User Management" and click Users.

Step 15: Under the column header "Authentication Provider," select the desired user and change the value to "Okta."

The Users button under "Security & User Management" in the Admin Dashboard allows an admin to view, edit, add, or delete users.

Overview

PlexTrac's user management page provides a range of features to streamline user administration. Administrators can add users, assign roles, select authentication providers and classification tiers, reset passwords, enable or disable accounts, and permanently delete users. Additionally, there is functionality to authorize users by client.

The functionality for managing users is contextual, depending on their status. For example, if no users are locked, no option is provided to unlock them.

Types of Users

Users are either enabled, disabled, or locked. This status can be filtered through the pulldown menu at the top of the table or sorted by clicking the flag next to the name field in the table header column.

Locked Users

PlexTrac will lock a user out after multiple failed attempts to protect against brute force attacks. Locked users are identified with a lock icon next to their name, a highlighted row background, and the words "User locked" listed under their email address.

Disabled Users

Disabled users are identified with an icon next to their name, a row with a grey background, and the words "User disabled" under their email address.

Licensed Users

Each user added to a licensed role is considered a paid user. When a role is licensed, an icon will appear at the end of the role title (regardless of the number of licenses available).

Roles that use a license are also identified on the RBAC page.

Click the "All Roles" pulldown menu to filter users by role. Standard roles are at the top of the list.

If a user is added to a role that requires a license but no more seats exist, an error message appears.

Configuring Table View

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left. The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.