Manage users

In the ColorTokens Spectrum portal, a user account is linked to the email address of the user. Role-based Access Control (RBAC) is used to control access to the users who access the organizations and the instances of the ColorTokens apps from Spectrum.

Invite users

  • If you are adding a user for the first time to Spectrum (or with a unique email address), an email invitation is sent to the user with an activation link. The user must click the activation link and set a password for the user account (on the Spectrum Registration page). 

  • If you are adding an existing user (user account) to an instance or organization, you must preferably use the email address that is associated with the user's user account in Spectrum. The user will automatically see the new organization and its instances in Spectrum App Switcher. You can always add an existing user with their different email address; this creates an additional Spectrum account for the user.

Add users

Adding a user to an organization and its instance involves adding the basic details of the user and assigning a Spectrum RBAC role to the user. You can assign one of the following Four Spectrum roles to a user - Org Admin, Instance Manager, User Manager, and Tech Support User.

Add Org Admins

Add more Org Admins to your organization when you want more people to manage Org Admin activities such as managing users, licenses, and authentication options for the organization.

Note the following when you add Org Admins.

  • You must be the Org Admin for the organization to be able to add more Org Admins.

  • The Org Admin you add to an organization is assigned the same privileges that are assigned to you. 

  • By design, an Org Admin is One of the Instance Admins for all the instances in an organization.

  • You can add up to Four additional Org Admins for an organization. If you want to add more Org Admins, email us at customer.support@colortokens.com.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click Add User.

  4. Select Org Admin from the Role drop-down list.

  5. Add the first name, last name, and email address of the Org Admin.

  6. Click Add.

Add Instance Managers

Add Instance Manager to instances when you want more people to secure and monitor the assets and hosts managed from Xshield and Xprotect. Instance Managers are added at the level of an instance.

The Instance Manager role can be further customized to the following 4 sub-roles - Instance Admin (Full Access), Instance Observer (Read Only), Policy Manager, and Asset Manager. For the complete list of app-specific privileges assigned to the Instance Manager sub-roles in Xshield and Xprotect, see RBAC roles in Xshield and RBAC roles in Xprotect.

To add an Asset Manager, you can use the Scope tags you previously added to the instance. You can also add new Scope tags when you add the Asset Manager. 

To allow Asset Managers access to their Scopes, you must assign the Scope tag in the respective instances.

  • In Xshield, you can assign the Scope tag at the level of Workload groups, Endpoint groups, and multiple selected assets.

  • In Xprotect, you can assign the Scope tag to multiple selected hosts.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click Add User.

  4. Select Instance Manager from the Role drop-down list.

  5. Add the first name, last name, and email address of the Instance Manager.

  6. Select Instance Manager from the Role drop-down list.

  7. Select One of Instance Admin (Full Access), Instance Observer (Read Only), Policy Manager, or Asset Manager from the Select Product Role drop-down list.

  8. (Optional) If you selected Instance Manager, click Add Scope and add the Scope tags assigned to either the Xshield assets or the Xprotect hosts.

  9. Click Add.

Add User Managers

Add User Managers to an instance if you want to delegate the user management activities to specific users. User Managers cannot launch instances or see app licenses.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click Add User.

  4. Select User Manager from the Role drop-down list.

  5. Add the first name, last name, and email address of the User Manager.

  6. Click Add.

Add Tech Support Users

Add Tech Support Users when you want technical assistance from the ColorTokens Technical Support team.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click Invite ColorTokens Tech Support.

  4. Add the email address of the Technical Support User.

  5. Click Invite.

Edit Asset Manager scopes

Edit the scope tags for an Asset Manager when you want them to manage a different set of assets or hosts.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click the 3-dot menu for the Asset Manager and click Edit Scope.

  4. Add or remove scopes.

  5. Click Save.

Remove users from instances

The type (role) of users you can delete depends on your current user role. See RBAC role privileges for more details.

  1. Go to Users.

  2. Select an instance from the Instance drop-down list.

  3. Click the 3-dot menu for the user and click Remove user.

  4. Click Remove user.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.