search close

Corp Management

access_time Updated Sep 21, 2021

Signal Sciences provides you a set of tools, depending on your permission level, to easily manage sites, users, and members in your corporation.

Glossary

  1. Corporation: A corporation is a set of sites and users. Users are authenticated against a corporation and can be members of different sites in that corporation.
  2. Site: Sites belong to a corporation and consist of a set of requests and configurations. Requests come from agents configured with the site’s access and secret keys. Configurations include agent rules (e.g., tagging requests as XSS, blocklist and allowlist rules, blocking rules, etc.), the list of members, integrations, and other configuration options.
  • Logically think of a site as a mapping to a particular application or domain (e.g., app1.example.com vs. app2.example.com), but you could have multiple apps share the same site keys, or split one app into different sites (e.g., example.com and example.com/admin).
  1. User: A user belongs to a particular corporation and is identified by an email address and password. A user can be a member of one or more site.
  2. Member: A member is a user’s membership in a particular site.

How do permissions work?

A user has a role of either Owner, Admin, User, or Observer:

  1. Owners have access to all corp features, can edit settings on every site, and can make changes to user accounts.
  2. Admins have limited access to corp features, access to specific sites and site-level settings, and can invite new users to specific sites.
  3. Users have access to specific sites and site-level settings.
  4. Observers have access to specific sites.
Owner Admin User Observer
Corp Management
View corp-wide data and reports Access Limited access Limited access Limited access
Edit corp-wide security policies Access No access No access No access
Create or edit Corp Rules Access No access No access No access
View Corp Rules Access Access Access Access
Create or edit Corp Lists Access No access No access No access
Create or edit Corp Signals Access No access No access No access
View corp integrations Access Access Access Access
Edit corp integrations Access No access No access No access
View corp audit logs Access Access Access Access
User Management
View users All sites Specific sites Specific sites Specific sites
Invite or remove other users All sites Specific sites No sites No sites
Allow users to create API Access Tokens Access No access No access No access
Site Management
Create or delete sites Access No access No access No access
View site-level data and reports All sites Specific sites Specific sites Specific sites
Edit site blocking mode All sites Specific sites Specific sites No sites
Edit site IP anonymization policy All sites Specific sites Specific sites No sites
View associated users All sites Specific sites Specific sites No sites
Edit site Display Name and Short Name All sites Specific sites Specific sites No sites
Site Configurations
Change Blocking Mode All sites Specific sites Specific sites No sites
Create or edit rules All sites Specific sites Specific sites No sites
View rules All sites Specific sites Specific sites Specific sites
Create or edit signals All sites Specific sites Specific sites No sites
View signals All sites Specific sites Specific sites Specific sites
Create or edit lists All sites Specific sites Specific sites No sites
View lists All sites Specific sites Specific sites Specific sites
Create or edit redactions All sites Specific sites Specific sites No sites
View redactions All sites Specific sites Specific sites Specific sites
Create or edit integrations All sites Specific sites Specific sites No sites
View integrations All sites Specific sites Specific sites Specific sites
Create agent keys All sites Specific sites Specific sites No sites
View agent keys All sites Specific sites Specific sites No sites
View site audit logs Access Access Access Access
Personal Account Management
Edit account profile information Access Access Access Access
Create, edit, view support tickets Access Access Access Access
Create API Access Token Limited access Limited access Limited access Limited access

Corp management

Owner users can manage the sites and users of their corporation.

Site management

The Site Management page enables you to add, remove, and edit sites on your corp. This page lists all the sites in your corporation, along with their agent mode and number of members. To access the Site Management page:

  1. Log into the Signal Sciences console.
  2. From the Corp Manage menu, select Sites. The Site Management page appears.
  3. Under the Corp Manage menu, click Sites.

Adding a site

To add a site, click New site. Choose a display name, a short name to be used in the URL, and the agent mode. Once you’ve added the site, set up the agent and module by following the installation process.

Note: By default, your corporation has a limited number of sites. If you need more, contact support for assistance.

Editing a site

Edit any site by clicking the pencil icon to the far right of the site. The site configuration page allows you to:

  • Change the display name
  • Change the short name
  • Change the agent mode
  • Toggle IP anonymization

Deleting a site

A site can be deleted by selecting the Delete button next to the site. Only Owners have the ability to delete sites.

A site cannot be deleted if it:

  • Is the current active console
  • Is the last site remaining for the corp
  • Has users that aren’t members of any other sites

Note: If you would like to delete a site meeting any of the conditions listed above, reach out to our support team.

Removing an agent

Once an agent has been offline for 3 days, it will disappear from the agents list automatically.

User Management

Managing Users

Under the Corp Manage menu, click Manage Users. This page lists all the users in your corporation, along with their roles, site memberships, and whether they have 2FA enabled, as well as the list of pending invited users.

Adding a user

Click the Add user button. Enter their email and choose a role and site memberships.

Note: A user must belong to at least one site.

When the user is invited, they’ll receive an email to register an account. They must click the Accept invite button at which point they’ll be prompted to set their account password. After creating their account, they will then have access to all the sites they’re a member of. The invitation is valid for 3 days. If the invitation is expired, resend the invite by clicking the pending user’s row and clicking the Resend Invite button from the User Edit page.

Editing or deleting a user

Click the user’s row to change their role as well as delete the user from the corporation.

Resetting 2FA for a user

To reset 2FA for a user, click the pencil icon next to the user. Click the Disable button next to their 2FA status. The user will then be able to sign into their account and reconfigure 2FA.

Auditing two-factor authentication

Audit two-factor authentication (2FA) usage via the “2FA” column in the users list. We don’t currently support 2FA enforcement.

Single sign-on

See Single Sign-On for more information about enabling Single Sign-On.

Bypassing SSO

If your corp has Single Sign-On enabled, an Owner user can set a user to bypass SSO, which allows them to log into the Signal Sciences console via username & password, without needing to authenticate through your SSO provider.

Allow a user to bypass SSO by clicking Allow this user to bypass Single Sign-On (SSO).

API Access Tokens

See Using Our API for information about personal API access tokens.

Assigning or removing a user from a site

Admins

Assign a user to a site by navigating to that specific site, clicking Site Manage > Site Settings from the navigation, and selecting the Users tab. From there, click Manage site users and select either Invite new user to invite an entirely new user or Assign existing users to choose an existing user in the corp. If the user doesn’t already belong to the corp they’ll be provisionally added to the site and receive an invitation email to join your corp.

Owners

In addition to the method described above, Owner users can also assign users by going to Corp Manage > Corp Users in the navigation bar at the top. On that page, Owners can select specific sites from the dropdown menu on the left and assign users to that site by clicking Assign existing users to this site. Alternatively, Owners can select a User’s row, and from the User Edit page, select which sites that user should be assigned to manage. In this case, they will have their same role across every site membership.

For more information on member roles see How do permissions work?

Console Timeout

The default duration for a validated session is 30 days. To set a custom duration your corp:

  1. Log into the Signal Sciences console.
  2. From the Corp Manage menu, select User Authentication. The User Authentication page appears.
  3. Under Account Timeout, click on a pre-set duration, or click Custom to specify a custom duration.
    • If selecting Custom, enter the custom duration in the Days, Hours, Minutes, and Seconds fields.
  4. Click Update Timeout to save the new timeout duration.