search close

Corp Management

access_time Updated Dec 5, 2022

Signal Sciences provides you a set of tools, depending on your permission level, to easily manage sites, users, and members in your corp.

Glossary

  • Corp: A corp (corporation) is a set of sites and users. Users are authenticated against a corp and can be members of different sites in that corp.

  • Site: Sites belong to a corp and consist of a set of requests and configurations. Requests come from agents configured with the site’s access and secret keys. Configurations include agent rules (e.g., tagging requests as XSS, blocklist and allowlist rules, blocking rules), the list of members, integrations, and other configuration options. You could logically think of a site as a mapping to a particular application or domain (e.g., app1.example.com vs. app2.example.com), but you could have multiple apps share the same site keys, or split one app into different sites (e.g., example.com and example.com/admin).

  • User: A user belongs to a particular corp and is identified by an email address and password. A user can be a member of one or more site.

  • Member: A member is a user’s membership in a particular site.

How do permissions work?

A user has a role of either Owner, Admin, User, or Observer:

  1. Owners have access to all corp features, can edit settings on every site, and can make changes to user accounts.
  2. Admins have limited access to corp features, access to specific sites and site-level settings, and can invite new users to specific sites.
  3. Users have access to specific sites and site-level settings.
  4. Observers have access to specific sites.
Owner Admin User Observer
Corp Management
View corp-wide data and reports Access Limited access Limited access Limited access
Edit corp-wide security policies Access No access No access No access
Create or edit Corp Rules Access No access No access No access
View Corp Rules Access Access Access Access
Create or edit Corp Lists Access No access No access No access
Create or edit Corp Signals Access No access No access No access
View corp integrations Access Access Access Access
Edit corp integrations Access No access No access No access
View corp audit logs Access Access Access Access
User Management
View users All sites Specific sites Specific sites Specific sites
Invite or remove other users All sites Specific sites No sites No sites
Allow users to create API Access Tokens Access No access No access No access
Site Management
Create or delete sites Access No access No access No access
View site-level data and reports All sites Specific sites Specific sites Specific sites
Edit site blocking mode All sites Specific sites Specific sites No sites
Edit site IP anonymization policy All sites Specific sites Specific sites No sites
View associated users All sites Specific sites Specific sites No sites
Edit site Display Name and Short Name All sites Specific sites Specific sites No sites
Site Configurations
Change Blocking Mode All sites Specific sites Specific sites No sites
Create or edit rules All sites Specific sites Specific sites No sites
View rules All sites Specific sites Specific sites Specific sites
Create or edit signals All sites Specific sites Specific sites No sites
View signals All sites Specific sites Specific sites Specific sites
Create or edit lists All sites Specific sites Specific sites No sites
View lists All sites Specific sites Specific sites Specific sites
Create or edit redactions All sites Specific sites Specific sites No sites
View redactions All sites Specific sites Specific sites Specific sites
Create or edit integrations All sites Specific sites Specific sites No sites
View integrations All sites Specific sites Specific sites Specific sites
Create agent keys All sites Specific sites Specific sites No sites
View agent keys All sites Specific sites Specific sites No sites
View site audit logs Access Access Access Access
Personal Account Management
Edit account profile information Access Access Access Access
Create, edit, view support tickets Access Access Access Access
Create API Access Token Limited access Limited access Limited access Limited access

Corp management

Owners can manage the sites and users of their corp.

Site management

The Site Management page enables you to add, remove, and edit sites on your corp. This page lists all the sites in your corp along with their agent mode and number of members.

You can access the Site Management page by going to the Corp Manage menu and selecting Sites.

Adding a site

  1. Click Add site. The add site menu page appears.

  2. Enter a display name for the new site in the Display name text box. The display name determines how the site is listed on the Site Overview page and the site select selector menu.

  3. Enter a short name for the new site in the Short name text box. The short name is used in URLs and the API (e.g., https://dashboard.signalsciences.net/corps/SHORT-NAME/).

Note: By default, your corp has a limited number of sites. If you need more, contact support for assistance.

Editing a site

Edit any site by clicking on the site in the list. The site configuration page allows you to:

Deleting a site

Note: Only Owners have the ability to delete sites.

  1. Click on the site to delete in list of sites.

  2. Click Delete site. The delete site confirmation window appears.

  3. Review the warnings associated with deleting a site and check the I understand the consequences of deleting a site box.

  4. Click Delete.

A site cannot be deleted if it:

  • Is the site you are currently accessing in the console
  • Is the last site remaining for the corp
  • Has users that aren’t members of any other sites

Note: If you would like to delete a site meeting any of the conditions listed above, reach out to our support team.

Removing an agent

Once an agent has been offline for 3 days, it will disappear from the agents list automatically.

User Management

Managing users as an Owner

Owners can view and manage all users on the corp by going to the Corp Manage menu and selecting Corp Users. This page lists all the users in the corp, along with their roles, site memberships, and whether they have 2FA enabled, as well as the list of pending invited users.

Adding a user

  1. Click Add corp user. The add corp user menu page appears.

  2. In the Email field, enter the user’s email address.

  3. In the Role section, select which role the user should have.

  4. In the Site memberships section, select which sites the user should be a member of.

    Note: A user must belong to at least one site.

  5. Click Invite user.

When the user is invited, they’ll receive an email to register an account. They must click the Accept invite button at which point they’ll be prompted to set their account password. After creating their account, they will then have access to all the sites they’re a member of. The invitation is valid for 3 days. If the invitation is expired, resend the invite by clicking the pending user’s row and clicking the Resend Invite button from the User Edit page.

Editing a user

  1. In the list of users, click on the user.

  2. Click Edit corp user. The edit corp user page appears.

  3. Edit the Role and Site memberships sections as needed.

  4. Click Update user.

Deleting a user

  1. In the list of users, click on the user.

  2. Click Remove corp user. The remove corp user page appears.

  3. Click Delete corp user.

Disabling 2FA for a user

  1. In the list of users, click on the user.

  2. Click Edit corp user. The edit corp user page appears.

  3. Click Disable 2FA. A confirmation window appears.

  4. Click Yes, disable.

The user will then be able to sign into their account without needing to authenticate through 2FA.

Auditing two-factor authentication

In the filters to the left of the list of users, select Enabled in the 2FA section. This filters the list of users to only contain users who have two-facor authentication enabled.

We don’t currently support 2FA enforcement.

Single sign-on

See Single Sign-On for more information about enabling Single Sign-On.

Bypassing SSO

If your corp has Single Sign-On enabled, an Owner user can set a user to bypass SSO, which allows them to log in to the Signal Sciences console via username and password without needing to authenticate through your SSO provider.

Select Allow this user to bypass Single Sign-On (SSO) to set the user to bypass SSO.

API Access Tokens

See Using Our API for information about personal API access tokens.

Managing users as an Admin

Admins have limited user management abilities for any sites they are a member of.

Invite new users to a site

  1. From the Manage menu, select Site Settings. The site settings menu page appears.

  2. Click Users. The users tab appears.

  3. From the Manage site users menu, select Invite new user. The user invitation menu page appears.

  4. In the Email field, enter the user’s email address.

  5. In the Role section, select which role the user should have.

  6. Click Invite site user.

When the user is invited, they’ll receive an email to register an account. They must click the Accept invite button at which point they’ll be prompted to set their account password. After creating their account, they will then have access to all the sites they’re a member of. The invitation is valid for 3 days. If the invitation is expired, resend the invite by clicking the pending user’s row and clicking the Resend Invite button from the User Edit page.

Assign existing users to a site

  1. From the Manage menu, select Site Settings. The site settings menu page appears.

  2. Click Users. The users tab appears.

  3. From the Manage site users menu, select Assign existing users. The assign users menu page appears.

  4. From the menu, select a user to add to the site.

  5. Click Assign to site.

Remove users from a site

  1. From the Manage menu, select Site Settings. The site settings menu page appears.

  2. Click Users. The users tab appears.

  3. In the list of users, click on the user.

  4. Click Remove site user. The remove user confirmation page appears.

  5. Click Remove user.

All users must belong to at least one site. If this is the only site the user is a member of, you will not be able to remove the user. Instead, an Owner user will need to delete the user entirely.

Console Timeout

The default duration for a validated session is 30 days. To set a custom duration your corp:

  1. Log in to the Signal Sciences console.

  2. From the Corp Manage menu, select User Authentication. The User Authentication page appears.

  3. Under Account Timeout, click on a pre-set duration or click Custom to specify a custom duration. If selecting Custom, enter the custom duration in the Days, Hours, Minutes, and Seconds fields.

  4. Click Update Timeout to save the new timeout duration.