User Account Best Practices

Overview

Depending on how you would like your users to interact with Liongard, you can change user access. Below are instructions on how to enforce global Multi-factor Authentication (MFA), how to add a user in Liongard, and descriptions of each available Permission Group.

Enforcing Global Multi-factor Authentication (MFA)

To enforce MFA globally, navigate to Your Username > Company Settings > Security > Multi-Factor Authentication

How to Add a User in Liongard

Follow the steps below to add a new User in Liongard.

  1. In Liongard, navigate to Admin > Users > Users > Select Add User
  2. Fill in the following fields:
  • First Name: New user's first name
  • Last Name: New user's last name
  • Username: Create a username for the new user
  • E-Mail: New user's E-Mail address
  • Department: Select the most relevant Department for this user
  • Receive Technical Updates via Email?: Toggle on if you would like this user to receive emails from Liongard based on his/her Department
  • Two-Factor Authentication: Select if you would like the new user to use Two-Factor Authentication to access their Liongard account. This is a recommended best practice and can be turned on globally as indicated in the section above
  • Groups: Select the Groups you would like this user to be a member of. Please use our best practices below to help determine which Groups are best for this user
  • Note: For each Environment, you can choose for a user to be an Environment Administrator or an Environment Reader
  1. Select Save

This user will receive an email from [email protected] to access their new account.

Password Policy

There are two requirements for users' passwords:

  1. Minimum password length of eight characters
  2. Minimum password complexity of letters, at least one symbol, and at least one number

Dark Mode

Users have the ability to enable Dark Mode in Liongard.

  1. Click your username in the top right-hand corner and select Account Settings.
  2. Change the color theme to Dark Mode and click Apply.

Liongard Permission Groups

The table below outlines what each Liongard Permission Group can and cannot access in the platform along with a brief description of the Permission Group

User GroupCanCannotCan view users in other EnvironmentsUser Recommendations
Global AdministratorsFull read and write access to the entire platformN/AYes, all usersUsers who will implement and/or manage Environments, Platform Integrations, Inspectors, Agents, Users, all features in Liongard, as well as manage Company Settings and the Liongard instance as a whole.
Global Environment ManagersFull read and write access to Environments, Inspectors, Agents, and all features in Liongard for all Environments. Read Only access for Platform Integrations and Users.Create or modify Platform Integrations and Users. View Company Settings.Yes, all usersUsers who will implement and/or manage Environments, Inspectors, Agents, Users, and all features in Liongard
Global ReaderRead Only access to Environments, Platform Integrations, Inspectors, Agents, Users, all features in Liongard, as well as Company Settings and the Liongard instance as a whole.Create or modify Company Settings, Environments, Platform Integrations, Inspectors, Agents, Users, and any features in Liongard.NoUsers who need full visibility but do not need implementation and/or management capabilities in Liongard.
Global IntegratorsRead and write access to Platform Integrations, Agents, and Inspectors. Read Only access to Environments, Users, and all features in Liongard.Create or modify Environments, Users, and features in Liongard. View Company Settings.NoUsers who will implement and/or manage Platform Integrations, Agents, and Inspectors
Environment AdministratorsFor assigned Environment(s), read and write access to Environments, Inspectors, Agents, Users, and all features in Liongard.View Company Settings and Platform Integrations. Will not have access to any unassigned Environments or unassigned Agents (unless the Agent was installed using the Environment Administrators user account)Yes, but only users in their assigned EnvironmentUsers who will implement and/or manage Environments, Inspectors, Agents, Users, and all features in Liongard for a subset of Environments.
Environment ReadersFor assigned Environment(s), read only access to Environments, Inspectors, Agents, Users, and all features in Liongard.View Company Settings and Platform Integrations. Will not have access to any unassigned Environments or any unassigned Agents.NoUsers who will need visibility into Environments, Inspectors, Agents, Users, and all features in Liongard but do not need implementation and/or management capabilities for a subset of Environments
User AdministratorsRead and write access to UsersView Company Settings, Environments, Platform Integrations, Inspectors, Agents, Users, and all features in Liongard for all EnvironmentsYes, all usersUsers who will implement and/or manage Users.

Idle Timeout Value

Liongard will log out users who have been idle for four hours.

Individual User Maintenance

User Maintenance options can be found by clicking an individual username on the Users tab of the Access Management page. On the User Details page, the following options are available:

  • Force Logout: Selecting this button will immediately log this user out of their Liongard instance
  • Reset Password: Use to reset the user's password
  • Reset MFA: This will reset the user's current MFA method and they will be prompted to set it up again upon the next log in attempt
  • Delete: Use to remove the user account
  • Account Status: Use to temporarily disable a user account

Bulk User Maintenance

Many user maintenance functions can be handled in bulk on the Users tab of the Access Management page.

Activating users, deactivating users, resetting user passwords, forcing log out of users, deleting users, and resetting MFA are all functions that can be performed using the bulk selector and the Actions dropdown menu.