Signal Sciences provides you with a set of tools, depending on your permission level, to easily manage sites, users, and members in your corporation.
- Corporation: A corporation is a set of sites and users. Users are authenticated against a corporation and can be members of different sites in that corporation.
- Site: Sites belong to a corporation and consist of a set of requests and configurations. Requests come from agents configured with the site’s access and secret keys. Configurations include agent rules (e.g. tagging requests as XSS, blocklist and allowlist rules, blocking rules, etc.), the list of members, integrations, and other configuration options.
  - Logically, think of a site as a mapping to a particular application or domain (e.g. app2.example.com), but you could have multiple apps share the same site keys, or split one app into different sites (e.g. example.com and example.com/admin).
- User: A user belongs to a particular corporation and is identified by an email address and password. A user can be a member of one or more sites.
- Member: A member is a user’s membership in a particular site.
How do permissions work?
A user has a role of either Owner, Admin, User, or Observer:
- Owners have access to all corp features, can edit settings on every site, and can make changes to user accounts.
- Admins have limited access to corp features, access to specific sites and site-level settings, and can invite new users to specific sites.
- Users have access to specific sites and site-level settings.
- Observers have access to specific sites.
| Permission | Owner | Admin | User | Observer |
|---|---|---|---|---|
| View corp-wide data and reports | Access | Limited access | Limited access | Limited access |
| Edit corp-wide security policies | Access | No access | No access | No access |
| Create or edit Corp Rules | Access | No access | No access | No access |
| View Corp Rules | Access | Access | Access | Access |
| Create or edit Corp Lists | Access | No access | No access | No access |
| Create or edit Corp Signals | Access | No access | No access | No access |
| View corp integrations | Access | Access | Access | Access |
| Edit corp integrations | Access | No access | No access | No access |
| View corp audit logs | Access | Access | Access | Access |
| View users | All sites | Specific sites | Specific sites | Specific sites |
| Invite or remove other users | All sites | Specific sites | No sites | No sites |
| Allow users to create API Access Tokens | Access | No access | No access | No access |
| Create or delete sites | Access | No access | No access | No access |
| View site-level data and reports | All sites | Specific sites | Specific sites | Specific sites |
| Edit site blocking mode | All sites | Specific sites | Specific sites | No sites |
| Edit site IP anonymization policy | All sites | Specific sites | Specific sites | No sites |
| View associated users | All sites | Specific sites | Specific sites | No sites |
| Edit site Display Name and Short Name | All sites | Specific sites | Specific sites | No sites |
| Change Blocking Mode | All sites | Specific sites | Specific sites | No sites |
| Create or edit rules | All sites | Specific sites | Specific sites | No sites |
| View rules | All sites | Specific sites | Specific sites | Specific sites |
| Create or edit signals | All sites | Specific sites | Specific sites | No sites |
| View signals | All sites | Specific sites | Specific sites | Specific sites |
| Create or edit lists | All sites | Specific sites | Specific sites | No sites |
| View lists | All sites | Specific sites | Specific sites | Specific sites |
| Create or edit redactions | All sites | Specific sites | Specific sites | No sites |
| View redactions | All sites | Specific sites | Specific sites | Specific sites |
| Create or edit integrations | All sites | Specific sites | Specific sites | No sites |
| View integrations | All sites | Specific sites | Specific sites | Specific sites |
| Create agent keys | All sites | Specific sites | Specific sites | No sites |
| View agent keys | All sites | Specific sites | Specific sites | No sites |
| View site audit logs | Access | Access | Access | Access |
| Personal Account Management | | | | |
| Edit account profile information | Access | Access | Access | Access |
| Create, edit, view support tickets | Access | Access | Access | Access |
| Create API Access Token | Limited access | Limited access | Limited access | Limited access |
Owner users can manage the sites or users of their corporation.
Corp management menu
In the top-level navigation, you should see a menu item named Corp Manage. This menu allows you to manage sites and users across your organization.
Under the Corp Manage menu, click Sites. This page lists all the sites in your corporation, along with their agent mode and number of members.
Adding a site
To add a site, click New site. Choose a display name, a short name to be used in the URL, and the agent mode. Once you’ve added the site, set up the agent and module by following the installation process.
Note: By default, your corporation has a limited number of sites. If you need more, contact support for assistance.
Editing a site
Edit any site by clicking the pencil icon to the far right of the site. The site configuration page allows you to:
- Change the display name
- Change the short name
- Change the agent mode
- Toggle IP anonymization
Deleting a site
A site can be deleted by selecting the Delete button next to the site. Only Owners have the ability to delete sites.
A site cannot be deleted if it:
- Is the current active console
- Is the last site remaining for the corp
- Has users that aren’t members of any other sites
Note: If you would like to delete a site meeting any of the conditions listed above, reach out to our support team.
Removing an agent
Once an agent has been offline for 3 days, it will disappear from the agents list automatically.
Under the Corp Manage menu, click Manage Users. This page lists all the users in your corporation, along with their roles, site memberships, and whether they have 2FA enabled, as well as the list of pending invited users.
Adding a user
Click the Add user button. Enter their email and choose a role and site memberships.
Note: A user must belong to at least one site.
When the user is invited, they’ll receive an email to register an account. They must click the Accept invite button, at which point they’ll be prompted to set their account password. After creating their account, they will have access to all the sites they’re a member of. The invitation is valid for 3 days. If the invitation has expired, resend the invite by clicking the pending user’s row and clicking the Resend Invite button from the User Edit page.
Editing or deleting a user
Click the user’s row to change their role or to delete the user from the corporation.
Resetting 2FA for a user
To reset 2FA for a user, click the pencil icon next to the user. Click the Disable button next to their 2FA status. The user will then be able to sign into their account and reconfigure 2FA.
Auditing two-factor authentication
Audit two-factor authentication (2FA) usage via the “2FA” column in the users list. We don’t currently support 2FA enforcement.
See Single Sign-On for more information about enabling Single Sign-On.
If your corp has Single Sign-On enabled, an Owner user can set a user to bypass SSO, which allows them to log into the Signal Sciences console via username & password, without needing to authenticate through your SSO provider.
Allow a user to bypass SSO by clicking Allow this user to bypass Single Sign-On (SSO).
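One way to script the 2FA audit and the SSO-bypass review described above, as an added example that is not Signal Sciences code. It reads a constructed CSV whose column names are hypothetical (the page does not define an export format) and ranks accounts that can sign in with a password alone, along with invitations past the 3-day validity window.

```python
import csv
import io
from datetime import date

# Constructed sample export (hypothetical column names), modelled on the
# columns the Manage Users page shows: role, site memberships, 2FA status.
SAMPLE_CSV = """email,role,sites,two_factor,sso_bypass,status,invited_on
alice@example.com,Owner,site-a;site-b,yes,no,active,
bob@example.com,Owner,site-a;site-b,no,yes,active,
carol@example.com,Admin,site-a,no,no,active,
dave@example.com,Observer,site-b,no,no,active,
erin@example.com,User,site-a,,no,pending,2024-03-01
"""

PRIVILEGED = {"Owner", "Admin"}   # roles that can invite or remove users
INVITE_VALID_DAYS = 3             # invitation lifetime stated on the page


def audit_users(csv_text, today):
    """Return sorted (severity, email, reason) findings for a user export."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email, role = row["email"], row["role"]
        if row["status"] == "pending":
            age = (today - date.fromisoformat(row["invited_on"])).days
            if age > INVITE_VALID_DAYS:
                findings.append(("low", email, f"invite expired {age - INVITE_VALID_DAYS}d ago"))
            continue
        has_2fa = row["two_factor"] == "yes"
        bypass = row["sso_bypass"] == "yes"
        if bypass and not has_2fa:
            # Password is the only factor protecting this account.
            findings.append(("high", email, f"{role} bypasses SSO without 2FA"))
        elif not has_2fa:
            sev = "high" if role in PRIVILEGED else "medium"
            findings.append((sev, email, f"{role} has no 2FA"))
        elif bypass:
            findings.append(("low", email, f"{role} bypasses SSO (2FA on)"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


if __name__ == "__main__":
    for sev, email, reason in audit_users(SAMPLE_CSV, date(2024, 3, 10)):
        print(f"{sev:6} {email:20} {reason}")
```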
API Access Tokens
See Using Our API for information about personal API access tokens.
Assigning or removing a user from a site
Assign a user to a site by navigating to that specific site, clicking Site Manage > Site Settings from the navigation, and selecting the Users tab. From there, click Manage site users and select either Invite new user to invite an entirely new user or Assign existing users to choose an existing user in the corp. If the user doesn’t already belong to the corp they’ll be provisionally added to the site and receive an invitation email to join your corp.
In addition to the method described above, Owner users can also assign users by going to Corp Manage > Corp Users in the navigation bar at the top. On that page, Owners can select specific sites from the dropdown menu on the left and assign users to that site by clicking Assign existing users to this site. Alternatively, Owners can select a user’s row and, from the User Edit page, select which sites that user should be assigned to manage. In this case, the user will have the same role across every site membership.
For more information on member roles see How do permissions work?
Set the duration of a validated session for your corp by navigating to Corp Manage > User Authentication > Account timeout. The timeout can be specified as a number of days, hours, or minutes.
Note: The default timeout is 30 days.