Creating User Accounts
  • 04 Aug 2023

Overview

Multiple user account types can be created in ThreatConnect®: Application Programming Interface (API) users, TAXII™ users, ThreatConnect users with a variety of System and Organization roles, and read-only users (including read-only commenters). This article demonstrates how to view the membership of an Organization and how to create each kind of user account.

Before You Start

Minimum Role(s): System role of Administrator or Operations Administrator (or Accounts Administrator in an On-Premises or Dedicated Cloud instance) or Organization role of Organization Administrator
Prerequisites: None

Organization Settings: Membership

On the top navigation bar, hover over Settings and select Org Settings. The Membership tab of the Organization Settings screen will be displayed, showing a table listing all users in the Organization (Figure 1). Above the table, you can see how many more users of each type can be added to the Organization.

Note
Only a user with a System role of Administrator or Operations Administrator can increase the maximum number of users of each type for an Organization.

Figure 1

 

Creating an API User

  1. Click the Create API User button on the Membership tab of the Organization Settings screen (Figure 1). The API User Administration window will be displayed (Figure 2).

     

    • First Name: Enter the API user’s first name.
    • Last Name: Enter the API user’s last name.
    • System Role: Select a System role for the API user. Available System roles for API users include the following:
      Note
      This dropdown will be displayed only when the user creating the account has a System role of Operations Administrator or Administrator. If the menu is not displayed, a System role of Api User will be automatically selected.
    • Organization Role: Select an Organization role for the user.
    • Include in Observations and False Positives: Select the checkbox to allow data provided by the API user to be included in observation and false-positive counts.
    • Allow User to Exceed API Link Limit: Select the checkbox to override the system-level limit on the number of association levels that can be retrieved at one time for intelligence items using v3 of the ThreatConnect API.
    • Custom TQL Timeout: Select the checkbox to override the system-level ThreatConnect Query Language (TQL) query timeout for the user. In the field to the right of the checkbox, enter the maximum amount of time, in milliseconds, that TQL queries made by the user will be allowed to run before timing out.
      Note
      This checkbox will be available only when the user creating the account has a System role of Operations Administrator or Administrator.
    • Disabled: Select the checkbox to disable an API user’s account in the event that the Administrator wishes to retain log integrity when the API user no longer requires ThreatConnect access.
  2. Record the Secret Key, as it will not be accessible after the window is closed.
  3. Click the SAVE button.

Creating a TAXII User

See Using the ThreatConnect TAXII Server for information about how to create a TAXII user for the TAXII 1.x server. See Creating a TAXII User for the TAXII 2.1 Server for information about how to create a TAXII user for the TAXII 2.1 server.

Creating a User

Click the Create User button on the Membership tab of the Organization Settings screen (Figure 1). The User Administration window will be displayed (Figure 3).


 

  • E-Mail: Enter an email address that will also be the name of the user account.
  • Password: Enter the initial user password, which is subject to the ThreatConnect password policy defined within the system settings.
  • First Name: Enter the user’s first name, which, along with the last name, is what other user accounts see when the user posts within the Organization or in a full-profile Community.
  • Last Name: Enter the user’s last name, which, along with the first name, is what other user accounts see when the user posts within the Organization or in a full-profile Community.
  • System Role: Select a System role for the user.
    Note
    This dropdown will be displayed only when the user creating the account has a System role of Administrator or Operations Administrator.
  • Organization Role: Select an Organization role for the user.
    Note
    If a System role of Super User is selected, only an Organization role of Organization Administrator may be selected from the Organization Role dropdown menu.
  • Groups: Select one or more user groups to which to add the user, if desired. User groups allow multiple users to be assigned to Workflow Cases and Tasks together.
  • Locked: This checkbox should remain cleared. When editing an existing user account that has been locked by ThreatConnect, clearing this checkbox will unlock the account.
  • Disabled: This checkbox should remain cleared. When editing a user, it can be selected to disable the user account, which is typically done when a user no longer requires ThreatConnect access and the Administrator wishes to retain log integrity.
  • Password Reset Required: Select this checkbox to force the user to change their account password the next time they log into ThreatConnect. This checkbox is selected by default upon account creation, and it is cleared once the password has been changed.
  • Multi-Factor Authentication Reset Required: Select this checkbox to require the user to configure multi-factor authentication (MFA) for their account or to reset MFA for a user who already has it configured (for example, if the user has lost their MFA token). An icon such as the Google Authenticator™ logo will be displayed in the Status column for users who have MFA enabled.
    Note
    MFA can be disabled for a user on the Authenticator tab of the User Profile screen for the user. To navigate to this screen, click on the user’s account name in the Account column of the Membership tab of the Organization Settings screen (Figure 1).
    Important
    If a System Administrator has enforced MFA systemwide, then MFA may not be disabled for individual users.
  • Terms of Service Acceptance Required: Select this checkbox to reset the “terms of service” flag so the user is presented with the terms of service again. It is selected by default when creating a new user.
    Note
    This checkbox will be displayed only when the user creating the account has a System role of Operations Administrator or Administrator.
  • Send Account Info E-mail: Select this checkbox to send an email with the account information to the email address entered in the E-Mail field. It is selected by default when creating a new user.
  • Custom TQL Timeout: Select this checkbox to override the system-level ThreatConnect Query Language (TQL) query timeout for the user. In the field to the right of the checkbox, enter the maximum amount of time, in milliseconds, that TQL queries made by the user will be allowed to run before timing out.
    Note
    This checkbox will be available only when the user creating the account has a System role of Operations Administrator or Administrator.
  • Time Zone: Select the time zone for the user.
  • Log Out After: Select the amount of time of inactivity after which the user will be logged out.
  • Summary E-mail Time: Select the time at which the user will receive daily summary emails of followed items or other notifications from ThreatConnect.
  • Click the SAVE button.

Creating a Read-Only User

Click the Create Read Only User button on the Membership tab of the Organization Settings screen (Figure 1). The User Administration window for creating a Read Only User will be displayed (Figure 4).


 

  • E-Mail: Enter an email address that will also be the name of the user account.
  • Password: Enter the initial user password, which is subject to the ThreatConnect password policy defined within the system settings.
  • First Name: Enter the user’s first name, which, along with the last name, is what other user accounts see when the user posts within the Organization or in a full-profile Community.
  • Last Name: Enter the user’s last name, which, along with the first name, is what other user accounts see when the user posts within the Organization or in a full-profile Community.
  • System Role: Retain the default selection of Read Only User. Changing the selection will result in the creation of a different kind of user.
    Note
    This dropdown will be displayed only when the user creating the account has a System role of Operations Administrator or Administrator. If the menu is not displayed, a System role of Read Only User will be automatically selected.
  • Organization Role: Select an Organization role of Read Only User or Read Only Commenter.
  • Groups: Select user groups to which to add the user, if desired. User groups allow multiple users to be assigned to Workflow Cases and Tasks together.
  • Locked: This checkbox should remain cleared. When editing an existing user account that has been locked by ThreatConnect, clearing this checkbox will unlock the account.
  • Disabled: This checkbox should remain cleared. When editing a user, it can be selected to disable the user account, which is typically done when a user no longer requires ThreatConnect access and the Administrator wishes to retain log integrity.
  • Password Reset Required: Select this checkbox to force the user to change the account password upon next login. This checkbox is selected by default upon account creation, and it is cleared once the password has been changed.
  • Multi-Factor Authentication Reset Required: Select this checkbox to require the user to configure MFA for their account or to reset MFA for a user who already has it configured (for example, if the user has lost their MFA token). An icon such as the Google Authenticator logo will be displayed in the Status column for users who have MFA enabled.
    Note
    MFA can be disabled for a user on the Authenticator tab of the User Profile screen for the user. To navigate to this screen, click on the user’s account name in the Account column of the Membership tab of the Organization Settings screen (Figure 1).
    Important
    If a System Administrator has enforced MFA systemwide, then MFA may not be disabled for individual users.
  • Terms of Service Acceptance Required: Select this checkbox to reset the “terms of service” flag so the user is presented with the terms of service again. It is selected by default when creating a new user.
    Note
    This checkbox will be displayed only when the user creating the account has a System role of Operations Administrator or Administrator.
  • Send Account Info E-mail: Select this checkbox to send an email with the account information to the email address entered in the E-Mail field. It is selected by default when creating a new user.
  • Custom TQL Timeout: Select this checkbox to override the system-level ThreatConnect Query Language (TQL) query timeout for the user. In the field to the right of the checkbox, enter the maximum amount of time, in milliseconds, that TQL queries made by the user will be allowed to run before timing out.
    Note
    This checkbox will be available only when the user creating the account has a System role of Operations Administrator or Administrator.
  • Time Zone: Select the time zone for the user.
  • Log Out After: Select the amount of time of inactivity after which the user will be logged out.
  • Summary E-mail Time: Select the time at which the user will receive daily summary emails of followed items or other notifications from ThreatConnect.
  • Click the SAVE button.

ThreatConnect® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.
Google Authenticator™ is a trademark of Google LLC.
TAXII™ is a trademark of The MITRE Corporation.

20037-01 v.12.A