If you would like to add a new user to your Agari Brand Protection, you need to make sure you have at least a role of User Administrator or higher
To add a user you will need to go to Admin > Users. You will be presented with a list of current users as well as information for the users such as; email address, domains managed, and permissions. Click Add New Users.
You will then be taken to the Create New Users page. Make sure to fill out the full name of the new user as well as their email address. The email address provided will be used during login.
You have the option to configure which default dashboard the user will see when logging into the system. The Protection dashboard gives you a view of your current work flow. You will see information pertaining to domains, alerts, and a list of To-dos, as well as additional workflow information. This is a great dashboard for users who will be configuring and actively working on domains. The Threat dashboard gives a high level view of current threats and activity. This would be a great dashboard for users who are collecting data or generating reports. Of course, it is your decision, choose whichever dashboard you feel will benefit the new user. The Executive Dashboard gives extensive reports on
- Threats Stopped - Total number of suspicious messages that were rejected or quarantined.
- Messages Authenticated - Total percentage of delivered messages passing authentication.
- Protected Domains - Number of domains that are protected with a DMARC policy of reject compared to the number of domains that have a DMARC policy of quarantine, monitor, or that lack a DMARC policy.
- Portfolio Complexity Report - Total number of Domains over the selected period of time matching the selected domain group (default is Active Domains). Includes an average of all customers in your region and industry for comparison.
- Trust Score - An index that represents how protected your email is. A perfect score of 100 means all of your sent email was protected by a DMARC reject policy. An industry Trust Score is shown for comparison and consists of the Trust Score average using all customers that belong to your industry and region.
- DMARC Message Authentication - DMARC pass and fail rates over a specified duration. An average of all customers in your industry and region is included for comparison.
- What is my Customer Protection Ratio? - The percent of suspicious messages that were successfully stopped. The ratio decreases when unprotected domains are attacked and those messages are delivered. The ratio increases as domains are protected and attacks are blocked. An average of all customers in your industry and region is included for comparison.
- Domain DMARC Policy, Trend - A monthly view of a specified time period showing the progression of DMARC policy configurations across your entire organization.
- High Value Domains - Your highest volume and most protected domains.
There are two types of roles available, Administrator and User. Administrator roles can make changes to settings in your organization. User roles can only view data/information. You can assign a role individually or in conjunction with another role (i.e. Organization Admin with Log Auditor user permissions. There is no hierarchical inheritance of role privileges). Use caution in choosing roles! We will automatically select roles below the highest level role you choose for a user. You can unselect roles, but unselecting certain combinations may cause odd UI behavior. Some examples of setting up users with roles are provided below.
Organization Admin - Manage organization level settings. This includes setting password rules for your organization, setting session expiration times, setting the data collection policy, and setting restrictions on IP-based access control lists for the users reaching the Agari web portal.
Domain Policy Admin - Manage domain level settings. This includes adding, editing, or deleting domains or Custom Domain Groups from your organization and editing the Sender Inventory for your organization.
Threat Admin - Manage threat level settings. This includes configuring your organization’s Threat Feed and editing your organization’s URI Whitelists.
User Admin - Manage users. This includes adding, editing, or deleting users in your organization.
Note: When you create a User Admin, you must assign the types of roles this Admin can give to users he/she creates (see examples below).
Auditing User - View audit logs for your organization and users in your organization.
Read Only User- View data and schedule reports in the web portal.
Report User- Receive scheduled reports and alerts.
Note: This role, assigned by itself, cannot view data directly in the portal. It can only receive emailed reports which are scheduled by other users, receive emailed alerts when subscribed by other users, and view the list of reports he/she has been subscribed to in the UI.
Threat Feed Submission API User - Retrieve only threat feed data via Brand Protection application programming interface (API) via the threat_feed_submissions endpoint. This allows third-party take down vendors to access only the specific information they need without allowing broader API access such as to failure sample data that could include personal information. User accounts who are assigned this role should be assigned only this role. User accounts that are assigned only this role do not have access to the Brand Protection product, any other APIs, or the API documentation. To use the user account with this role to access the API for threat feed data, obtain the access token and the endpoint URL from your administrator.
Restricted Domain Access
A user can be assigned access to a limited set of domains in your organization by assigning the user access to a Custom Domain Group. Click on the arrow next to Domain Access, to view the domains groups available for you to choose. When you choose one or more Custom Domain Groups from the list, the user you create will only be able to see domains that are part of these groups, in the portal and in reports, and will only receive alerts for this set of domains.
Note that using domain groups to assign access will cause a user to have a different view of data than other users with different domain access. For example, two users looking at a Data Explorer view of What does my DMARC trend look like? for Active domains might see different charts if they have access restricted based on different Custom Domain Groups.
By default, new users will be assigned access to All Domains.
Examples of the use of Roles
Create a Read Only user who can receive emailed reports and alerts:
When you select the Read Only role for a user, the Report User role will also be selected by default. In order to create a read only user who can also receive emailed reports and alerts, simply accept these defaults! If you choose to deselect the Report User role, your read only user will not show up in the list of available users to send a report to or the users who can be subscribed to alerts.
Create a User Admin with Read Only access and who can create other Read Only users:
To create this type you user you would select User Admin as the highest access role for the user. Since you want this User Admin to only be able to create and manage users with Read Only access and below, you would deselect the All privileges option in the Manage Users box directly below the User Admin role. Then select the Read Only and Report User options in that box. Now this user will be able to create and manage users with Read Only and below permissions.
Create a User Admin who can only create other users:
You want to create a User Admin for the sole purpose of creating or editing other users, i.e. he/she cannot use the product to view data or receive reports and alerts. You should select the User Admin role for the user you are creating and deselect all of the roles that are checked beneath User Admin. The user admin you create is allowed to create other users with All Privileges unless you change the setting in the Manage Users box below the User Admin role. If you would like this new user admin to be able to create all roles except for Organization Admin and User Admin, you will click the ‘x’ next to All Privileges, click in the box that now says Select Role Types, then select each of the roles except for Organization Admin and User Admin.
Create a user who can change domain settings, but can not create or edit users
Select the Domain Policy Admin role for the user you are creating. All roles beneath Domain Policy Admin will be selected by default. If you do not want this user to be able to create or edit other users, then deselect the User Admin role.
When you have made all of your configurations, make sure to click the Invite New User button.
Please sign in to leave a comment.