Changed in 51.0.1.0 Setting up MSSP users and permissions

There are three types of accounts, administrator, user, and API key.

To manage user permissions, you assign roles to groups then assign users to groups. You cannot assign roles directly to users.

An overview of setting up and managing users and permissions for an MSSP deployment is:
  1. You must have the configuration, global dashboard, and child organizations already created, as described in Creating and managing MSSP-specific organizations.
  2. Create the initial MSSP administrator account, described in Creating the administrator account.
  3. Create users as required, described in Changed in 51.0.1.0 Creating MSSP users. You can create and manage users in specific child organizations. Or, you can create and manage users in the configuration organization if you want to add those users to multiple child organizations.
  4. If required, create API key accounts to enable external scripts or apps to authenticate to the SOAR Platform through the REST API as described in Creating API key accounts.
  5. Create roles and groups and set permissions on the groups as required for your MSSP deployment. You can create groups in child organizations if you want the groups to be specific to those child organizations, or you can create groups in the configuration organization if you want to use those groups across multiple child organizations. For more information about creating users and groups, see Managing SOAR Platform groups and Managing SOAR Platform roles.
  6. Add users to groups, as described in Managing SOAR Platform groups.
  7. From the configuration organization, do a configuration push to propagate the changes to the dashboard and child organizations, described in Propagating configuration changes to MSSP organizations.
    Tip: A configuration push is required to propagate configuration to the child organizations. If you create users and groups in specific child organizations, you do not need to do a configuration push.
Note: User and API key accounts do not require a configuration push to propagate to the assigned global dashboard and child organizations.