User Management
Managing administrator accounts through the web interface.
Accessing User Management
Navigate: Dashboard → Users
Permissions required: Admin level 8+ (user management)
User List
Table columns:
- Email (username)
- Display Name
- Privilege Level (1-10)
- Status (Enabled/Disabled/Locked)
- Last Login
- Actions
Search/filter:
- By email
- By status
- By privilege level
Adding Users
Click the "Add User" button.
Required fields:
- Email address (username)
- Display name
- Initial password
- Privilege level (1-10)
Privilege levels:
- 1-3: View only
- 4-6: Standard admin
- 7-9: Senior admin
- 10: Super admin (full access)
Password requirements:
- Minimum 12 characters
- Uppercase + lowercase
- Numbers
- Special characters
The user receives an email with:
- Login URL
- Initial password
- Instructions to change password
Editing Users
Click the user row or the edit icon.
Editable fields:
- Display name
- Privilege level
- Status (enabled/disabled)
Cannot edit:
- Email address (username)
- Password (separate function)
Save changes.
Resetting Passwords
Click "Reset Password" for the user.
Options:
- Email reset link
  - User receives secure link
  - Link expires in 24 hours
  - User sets new password
- Generate temporary password
  - Admin provides to user
  - Must change on next login
Security: Never share passwords via insecure methods.
Disabling/Enabling Users
Disable user:
- Click the "Disable" button
- Confirm the action
- User cannot log in
- Sessions are terminated
Enable user:
- Click the "Enable" button
- User can log in again
Use case: Temporary employee leave
Unlocking Locked Accounts
Accounts lock after failed login attempts.
To unlock:
1. Find locked user (status shows "Locked")
2. Click "Unlock" button
3. Optionally reset password
4. Notify user
Automatic unlock: After configured timeout (default: 30 minutes)
Deleting Users
Click "Delete" for the user.
Confirmation required.
What happens:
- User account removed
- Sessions terminated
- Audit log entry created
- Cannot be undone
Cannot delete:
- Your own account
- Last super admin
Viewing User Activity
Click "Activity" for the user.
Shows:
- Login history (date, time, IP)
- Configuration changes
- Actions performed
- Failed login attempts
Filter by:
- Date range
- Action type
- Success/failure
Export: Download as CSV
Bulk Actions
Select multiple users (checkboxes).
Available actions:
- Disable selected
- Enable selected
- Change privilege level
- Export list
User Roles
Super Admin (Level 10)
Full system access:
- All settings
- User management
- Security settings
- System configuration
Senior Admin (Level 7-9)
Most administrative tasks:
- Configuration changes
- User management (below their level)
- Reports and logs
- Quarantine management
Standard Admin (Level 4-6)
Daily operations:
- Quarantine review
- Whitelist/blacklist management
- Basic reports
- Own profile settings
Viewer (Level 1-3)
Read-only access:
- View dashboard
- View quarantine
- View reports
- No modifications
Security Features
Session Management
View active sessions: Users → Select User → Sessions
Shows:
- Current sessions
- Device info
- IP address
- Login time
Terminate session: Useful if a device is stolen or there is suspicious activity.
Failed Login Monitoring
Dashboard shows:
- Recent failed attempts
- Source IPs
- Targeted accounts
Automatic actions:
- Account locks after 5 failures
- IP blocks after 10 failures (across all accounts)
Password Policies
Enforced requirements:
- Minimum length
- Complexity rules
- Password age (90 days default)
- Cannot reuse last 5 passwords
Configure: Settings → Authentication → Password Policy
Audit Trail
All user management actions are logged:
- User creation
- Password resets
- Privilege changes
- Account status changes
- Login attempts
View: Reports → Audit Log → Filter by "User Management"
Best Practices
Privilege Levels
- Principle of least privilege
  - Give minimum necessary access
  - Regular users: Level 5-6
  - Senior staff: Level 7-8
  - Super admin: Only 2-3 people
- Review regularly
  - Quarterly access review
  - Remove former employees immediately
  - Adjust as roles change
Password Management
- Require strong passwords
- Enforce password rotation (90 days)
- Enable 2FA for all admins
- Use passkeys when possible
Account Security
- Monitor failed logins
- Review active sessions
- Disable unused accounts
- Lock accounts for inactive users (90 days)
Documentation
- Document privilege assignments
- Record reason for super admin access
- Maintain contact information
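An added example, not part of the product or its documentation: a script that checks an exported user list against the thresholds recommended above (at most 3 super admins, no active account idle for more than 90 days). The CSV header names and the YYYY-MM-DD date format are assumptions modelled on the User List columns, and the sample rows are constructed.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample. Header names mirror the User List columns on this page;
# the real export's header names and date format are assumptions.
SAMPLE_EXPORT = """\
Email,Display Name,Privilege Level,Status,Last Login
root@example.com,Root,10,Enabled,2024-05-30
ops1@example.com,Ops One,10,Enabled,2024-05-28
ops2@example.com,Ops Two,10,Locked,2024-05-01
ops3@example.com,Ops Three,10,Enabled,2024-04-15
old@example.com,Old Admin,8,Enabled,2024-01-10
new@example.com,New Hire,5,Enabled,
gone@example.com,Former,6,Disabled,2023-11-02
"""

MAX_SUPER_ADMINS = 3                 # "Super admin: Only 2-3 people"
INACTIVE_AFTER = timedelta(days=90)  # "Lock accounts for inactive users (90 days)"


def review_export(csv_text, today):
    """Return (account, finding) tuples for the quarterly access review."""
    findings, super_admins = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["Email"].strip()
        level = int(row["Privilege Level"])
        if not 1 <= level <= 10:
            findings.append((email, f"privilege level {level} outside 1-10"))
        # Disabled accounts cannot log in; locked ones unlock again, so they count.
        if row["Status"].strip().lower() == "disabled":
            continue
        if level == 10:
            super_admins.append(email)
        last = row["Last Login"].strip()
        if not last:
            findings.append((email, "active but never logged in"))
        elif today - datetime.strptime(last, "%Y-%m-%d").date() > INACTIVE_AFTER:
            findings.append((email, f"no login since {last}"))
    if len(super_admins) > MAX_SUPER_ADMINS:
        findings.append((", ".join(super_admins),
                         f"{len(super_admins)} active super admins, limit {MAX_SUPER_ADMINS}"))
    return findings


if __name__ == "__main__":
    for account, finding in review_export(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{account}: {finding}")
```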
CLI Equivalent
Most actions are available via the CLI:
```bash
# List users
sudo mb-admin-list
# Create user
sudo mb-admin-create --email user@example.com
# Reset password
sudo mb-admin-reset --email user@example.com
# Disable user
sudo mb-admin-disable --email user@example.com
# View audit log
sudo mb-audit-log --user admin@example.com
```