Managing users

IMPORTANT

This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, check out our user access and control guides for Fastly accounts.

If you have an owner or admin role for the Next-Gen WAF control panel, you can manage the users in your corp (also known as account).

Managing users as an owner

Owners can view and manage all users on the corp (account) by going to the Corp Manage menu and selecting Corp Users. This page lists all the users in the corp (account), along with their roles, site memberships (also known as workspace memberships), and whether they have 2FA enabled, as well as the list of pending invited users.

Adding users

To add a new user, complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the corp navigation bar, click the Corp Manage menu and then select Corp Users.
  3. Click Add corp user.
  4. In the Email field, enter the user's email address.
  5. In the Role section, select which role the user should have.
  6. In the Site memberships section, select which sites the user should be a member of. A user must belong to at least one site.
  7. Click Invite user.

When the user is invited, they’ll receive an email to register an account. They must click the Accept invite button at which point they’ll be prompted to set their account password. After creating their account, they will then have access to all the sites they’re a member of. The invitation is valid for 3 days. If the invitation is expired, resend the invite by clicking the pending user’s row and clicking the Resend Invite button from the User Edit page.

Editing users

To edit a user, complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the corp navigation bar, click the Corp Manage menu and then select Corp Users.
  3. In the list of users, click on the user.
  4. Click Edit corp user.
  5. Edit the Role and Site memberships sections as needed.
  6. Click Update user.

Deleting users

To delete a user, complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the corp navigation bar, click the Corp Manage menu and then select Corp Users.
  3. In the list of users, click on the user.
  4. Click Remove corp user.
  5. Click Delete corp user.

Other user management tasks as an owner

In addition to managing users and their basic membership settings, you can also manage the following settings at the user level:

  • Enabling single sign-on. Check out our guide to setting up single sign-on for more information on enabling single sign-on via SAML 2.0 and Google Apps.
  • Bypassing SSO for specific users. If your corp (account) has single sign-on enabled, an Owner user can set a user to bypass SSO, allowing them to log in to the Next-Gen WAF control panel via username and password without needing to authenticate through your SSO provider.
  • Granting and restricting user permissions for API access tokens. Check out our guide on using our Next-Gen WAF API for information about personal API access tokens and granting or restricting user permissions for them.
  • Managing two-factor authentication (2FA). Check out our guide to enabling and disabling 2FA for Next-Gen WAF control panel.

Managing users as an admin

Admins have limited user management abilities for any sites (workspaces) they are a member of.

Inviting new users to a site (workspace)

To invite new users to a site (workspace), complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Manage menu, select Site Settings.
  4. Click Users.
  5. From the Manage site users menu, select Invite new user.
  6. In the Email field, enter the user's email address.
  7. In the Role section, select which role the user should have.
  8. Click Invite site user.

When the user is invited, they’ll receive an email to register an account. They must click Accept invite at which point they’ll be prompted to set their account password. After creating their account, they will then have access to all the sites (workspaces) they’re a member of. The invitation is valid for 3 days. If the invitation is expired, resend the invite by clicking the pending user’s row and clicking Resend Invite from the User Edit page.

Assigning existing users to a site (workspace)

To assign existing users to a site (workspace), complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Manage menu, select Site Settings.
  4. Click Users.
  5. From the Manage site users menu, select Assign existing users.
  6. From the menu, select a user to add to the site.
  7. Click Assign to site.

Removing users from a site

To remove users from a site, complete the following steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Manage menu, select Site Settings.
  4. Click Users.
  5. In the list of users, click on the user.
  6. Click Remove site user.
  7. Click Remove user.

All users must belong to at least one site (workspace). If this is the only site (workspace) the user is a member of, you will not be able to remove the user. Instead, an Owner user will need to delete the user entirely.

Configuring account session timeouts

IMPORTANT

Session timeouts can only be configured for the Next-Gen WAF control panel, not the Fastly control panel. Timeouts have a default maximum of 12 hours and a minimum of 30 minutes per session.

To set a custom timeout duration for your corp (account) in the Signal Sciences control panel, follow these steps:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Corp Manage menu, select User Authentication.
  3. Under Account Timeout, click on a pre-set duration or click Custom to specify a custom duration. If selecting Custom, enter the custom duration in the Days, Hours, Minutes, and Seconds fields.
  4. Click Update Timeout to save the new timeout duration.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.