You can add users to help manage and monitor your Nebula console. You must be an Administrator or Super Admin to add new users.
User roles are as follows:
- Super Admin: Unrestricted access to the Nebula platform.
- Administrator: Full read and edit access to any groups they belong to. Administrators cannot adjust syslog logging or change single sign-on settings.
-
Read Only: Read access to any groups they belong to. They can generate reports and receive notifications, but cannot make any other system changes.
Note: Read Only users can access sensitive policy data, including Tamper Protection password, with ThreatDown API's. This can be used to modify the endpoint agent on the machine.
- Available = ✓
- Unavailable = ✕
Super Admin | Administrator* | Read-Only | |
Create Super Admins | ✓ | ✕ | ✕ |
Create Administrators | ✓ | ✓ | ✕ |
Create Read-Only Users | ✓ | ✓ | ✕ |
Create and edit Groups | ✓ | ✓ | ✕ |
Edit Users | ✓ | ✕ | ✕ |
Deploy Endpoints | ✓ | ✓ | ✕ |
Manage Endpoints | ✓ | ✓ | ✕ |
Create and edit Policies | ✓ | ✓ | ✕ |
Create and edit Exclusions | ✓ | ✕ | ✕ |
Create and edit Scheduled scans | ✓ | ✓ | ✕ |
Generate Reports | ✓ | ✓ | ✓ |
Create Notifications | ✓ | ✓ | ✓ |
Receive Notifications | ✓ | ✓ | ✓ |
Create Support ticket | ✓ | ✓ | ✕ |
*=Applies only to assigned Groups
User role access for Endpoint Detection and Response (EDR) features
The following table shows which User roles have visibility to Endpoint Detection and Response features and settings in Nebula. Active Response Shell requires two-factor authentication and the Nebula Account Owner (NAO) must provide permissions to the Super Admin.
Super Admin | Administrator* | Read Only | |
Modify EDR Policy Settings | ✓** | ✓ | ✕ |
Suspicious Activity Remediation | ✓** | ✓ | ✕ |
Ransomware Rollback | ✓ | ✓ | ✕ |
Close Suspicious Activity Incidents | ✓ | ✓ | ✕ |
View Suspicious Activity | ✓ | ✓ | ✓ |
View EDR Policy Settings | ✓ | ✓ | ✓ |
Flight Recorder Search | ✓ | ✓ | ✓ |
*=Applies only to assigned Groups.
**=Active Response Shell permission must be enabled for each Super Admin so they can edit the policy settings and launch the command shell.
Add a new user
To add another user, follow the steps below. We recommend having multiple admins in case you get locked out of your account due to two-factor authentication.
- On the left navigation pane, go to Configure > Users.
- In the top-right of the screen, click New.
- Enter the email address for the new user, choose a role, and select groups for them to belong to.
- Click Invite.
The user email must be unique to Nebula and not currently in use. Creating task-specific emails or '+' plus addressing can be a unique email for Nebula.
For more information, see:
When invited, the user receives an email that prompts them to create a login for their account. After creating their account, they may sign in and use the Nebula platform.
The original link stops working if the invited user does not create an account within 14 days. You can resend the invite to the user if needed. Return to this screen, check the email checkbox, and click Resend Invite.
Delete a user
- On the left navigation pane, go to Configure > Users.
- Select Users. A list of users displays.
- Select a user.
- In the top right, click Delete.
- To delete the user, click Delete on the confirmation window.
Note: The initial administrator account is the NAO, which is a unique account. This account cannot be deleted. If you need to change the NAO, contact Sales.
Require two-factor authentication
Super Admins can require all users to use two-factor authentication when logging into Nebula. For more information, see Two-factor authentication (2FA) settings in Nebula.