SOAR system administrator

The administrator configures and maintains the administrative parts of the IBM Security® QRadar® SOAR application. Administration tasks include managing users, authentication, IP allow lists, and imports and exports when you work with multiple SOAR organizations.

You access the administrative settings by selecting Administrator Settings from the drop-down menu on the right. From the Administrator Settings page, several tabs are available to configure different parts of the application.

Some examples of administrator tasks include:

User administration
You manage users and their roles from the Users tab. From the Users tab you can assign groups, assign workspaces, assign roles, and reassign cases and tasks. You can also create API key accounts to enable integrations or external scripts to access the application through the REST API.
Managing groups
You can create groups of predefined users to easily add the users to cases together. For example, you might have different teams who are added to a case or incident based on the case or incident type, location, or whether there is a malware component to the case. You create groups from the Groups tab.
Managing and assigning roles
A role is a specific set of permissions, which you can assign to users and groups. The Roles tab on the Administrator Settings screen enables you to define and manage roles.
You can assign multiple roles to a user, which gives the user a superset of all the permissions in the roles.