Setting up users in a SOAR MSSP deployment

The IBM Security QRadar Suite administrator adds a SOAR MSSP administrator and assigns that user permissions to the Provider account. The SOAR MSSP administrator adds SOAR MSSP analysts to the Standard accounts and Provider account, as required.

The following persona are relevant in a SOAR MSSP deployment:
IBM Security QRadar Suite administrator
An IBM Security QRadar Suite administrator must create the Provider account and add the SOAR MSSP administrator to the Provider account and assign them permissions.
SOAR MSSP administrator
The SOAR MSSP administrator creates Standard accounts, adds SOAR MSSP analysts to Standard accounts or Provider account, and assigns those users to groups, which can be created and maintained in the Provider account or Standard accounts.
SOAR MSSP analysts with access to Provider account and Standard accounts
SOAR MSSP analysts who have access to the Provider account and one or more Standard accounts.
The SOAR MSSP administrator assigns custom roles to these users, as needed.
SOAR MSSP analysts with access to Standard accounts only
SOAR MSSP analysts who have access to one or more Standard accounts without access to the Provider account. These users do not see the Provider account.
An overview of setting up and users and assigning permissions for a SOAR MSSP deployment is:
  1. The Provider account must be created, described in Creating and managing MSSP accounts. The IBM Security QRadar Suite platform administrator creates the Provider account.
  2. The IBM Security QRadar Suite platform administrator creates Standard accounts under the Provider account, one for each customer managed in the SOAR MSSP deployment.
  3. In the Provider account, the IBM Security QRadar Suite platform administrator adds the SOAR MSSP administrator and assigns them permissions, described in Setting up the SOAR MSSP administrator user.
  4. The SOAR MSSP administrator adds users to the Standard accounts, described in Adding SOAR MSSP analysts.
  5. The SOAR MSSP administrator creates roles with permissions, creates groups, and adds the roles to groups. Refer to Groups and Roles for more information.
  6. The SOAR MSSP administrator adds users to groups in the Provider account or Standard accounts, as required.
  7. If required, the SOAR MSSP administrator creates API key accounts in the Provider account to enable external scripts or apps to authenticate to the application through the REST API, described in Creating API key accounts. The SOAR MSSP administrator also completes other configuration tasks, such as configuring an inbound email connection, as required for the deployment.
  8. From the Provider account, the SOAR MSSP administrator pushes the configuration changes to the Standard accounts, described in Pushing configuration changes.
    Note: User changes and API key accounts do not require a configuration push.