Admin users

This section includes:

• Admin users
  • About Perception Point X‑Ray admin-users
  • About admin-user roles
  • Types of admin-users
  • Inviting new standard admin-users
  • Adding new SAML admin-users
  • Admin-user access - Parent and child organizations
  • SSO using Google Chrome or Microsoft 365

About Perception Point X‑Ray admin-users

The Admin Users page lets you manage the admin-users in your organization. Admin-users are those users that have access to Perception Point X‑Ray.

To open the Admin Users page: In Perception Point X‑Ray, in the left navigation menu, select Account > Admin Users.

The Admin Users page is available to admin-users with the "Admin" role only.

About admin-user roles

Each Perception Point X‑Ray admin-user is assigned a user role. The role defines the tasks that the admin-user is permitted to perform in Perception Point X‑Ray. The Roles Scope table shows a summary of the available roles when you edit an admin-user in the Admin Users page.

Role functionality	Explanation
Upload files	Can upload files to be analyzed. For details, see Self Analysis.
View scans	Can view scans in the Scans page. Note: An "Email Flow Manager" will be able to see only scans for emails that are currently quarantined; scans for emails that are not currently quarantined will not be visible.
Preview and download	Can preview and download scan details in the Scans page.
Scan actions	Can perform various actions on scans in the Scans page. Note: An "Email Flow Manager" will be able to see only scans for emails that are currently quarantined; scans for emails that are not currently quarantined will not be visible.
Settings	Can configure Perception Point X‑Ray settings.
Manage users	Can configure admin-users. See About Perception Point X‑Ray admin-users above.

Note: Only an admin-user with the "Admin" role can change the role of an admin-user. For all other user roles, the Edit [] button [see below] will not appear.

To change the role that is assigned to an admin-user:

1. In the Admin Users page, locate the user, and click Edit [].

2. Select the required Role, and then click Save Changes.

Types of admin-users

Admin-users may be either standard admin-users or SAML admin-users.

• Standard admin-users: The credentials of the admin-user are managed in Perception Point X‑Ray.

  For details on how to add a new standard admin-user, see Inviting new standard admin-users below.

• SAML admin-users: The credentials of the admin-user are managed in an external identity provider - such as Azure AD or Okta.

  To create a new SAML admin-user, the admin-user needs to first sign-in to Perception Point X‑Ray using the "Log in with SSO" option, or via the SAML app. The first time the new admin-user successfully signs-in to Perception Point X‑Ray, a corresponding new admin-user will be created in Perception Point X‑Ray.

  For details on how to implement integration with an identity provider, see Identity Provider [IdP] Integration - SSO [X-Ray].

The admin-user type is displayed in Perception Point X‑Ray as the Connection Type.

Inviting new standard admin-users

You use invitation emails to invite new standard admin-users. You can invite just a single admin-user at a time. When you invite a new admin-user, an invitation email is sent to the email address that you specify for the user. Before you send the email, you must specify the role that will be assigned to the new user, and you can limit the set of verdicts for which the user is able to access scans in the Scans page.

Note: Only an admin-user with the "Admin" role can invite a new admin-user. For all other user roles, the Add User button [see below] will not appear. You can't add an admin-user to an organization that is Inactive. [See Understanding the Organizations page] If your organization is configured to force users to sign-in to Perception Point X‑Ray using SAML, then it is not possible to add [invite] new admin-users using the procedure that is described on this page. [The Add User button (see below) will not appear.] Instead, the admin-user needs to sign-in to Perception Point X‑Ray using the "Log in with SSO" option, or via the SAML app. The first time a new admin-user successfully signs-in to Perception Point X‑Ray, a corresponding new admin-user will be created in Perception Point X‑Ray. For further details, see Forcing SAML sign-in. Each admin-user is identified by an email address. Any specific email address can be assigned to only one organization in Perception Point X‑Ray. Therefore, an admin-user can't be added to more than one organization - unless a different email address is used for each organization. An error "Failed to invite user" or "Failed to send invite" may indicate that the email address is already associated with another organization. Workaround: If an admin user already exists in one organization, then add a suffix to the email address to be used in the new organization. For example, if admin-user@acme.com is already used, then you can add admin-user+child1@acme.com to the new organization. [This is commonly known as "plus addressing" or "sub-addressing."] It isn't possible to bulk-add admin users. It can't be done using Perception Point X‑Ray, and it can't be done by Perception Point Support.

To invite a new standard admin-user:

1. In the Admin Users page, click Add User. The Add Admin User dialog box opens.

   

   Dialog box options
   Email address	Specify the email address of the new admin-user. An invitation email will be sent to this email address.
   Role	Select a role for the new admin-user. The role defines the user's access permissions within Perception Point X‑Ray.
   View verdict permissions	Some roles permit admin-users to access scans in the Scans page. By default, when an admin-user is permitted to access scans, the admin-user is able to access scans that have any verdict. "View verdict permissions" lets you specify that the user will be permitted to access scans that have specified verdicts only.
   Organization	Select the Organization that the new admin-user will be able to access. See Admin-user access - Parent and child organizations below for additional information.

2. Click Send Invitation. An invitation email will be sent to the specified email address.

3. When the new admin-user receives the invitation email, the admin-user should click Join Now inside the email, and then click Sign Up in the dialog box that opens.

   

   After performing the sign-up procedure, the new admin-user will be able to log-in to Perception Point X‑Ray using the credentials that were used to sign-up.

4. Use the following URL to access Perception Point X‑Ray:

   https://xray.perception-point.io/

Note The "Join Now" link in the invitation email expires 72 hours after the email is sent. If the "Join Now" link expires, there is an option to resend the invitation. This resend option appears in the list of admin-users. This option will appear until the user logs-in successfully to Perception Point X‑Ray. If a user has been sent an invitation email, but has not yet signed-in to Perception Point X‑Ray, you are not able to delete the user. Contact Perception Point Support [support@perception-point.io] for assistance.

Adding new SAML admin-users

To create a new SAML admin-user, the admin-user needs to first sign-in to Perception Point X‑Ray using the "Log in with SSO" option, or via the SAML app. The first time the new admin-user successfully signs-in to Perception Point X‑Ray, a corresponding new admin-user will be created in Perception Point X‑Ray.

Note: You can create SAML users only if you have enabled SSO. For details, see Identity Provider [IdP] Integration - SSO [X-Ray] If your organization is configured to force users to sign-in to Perception Point X‑Ray using SAML, then it is not possible to add [invite] new admin-users using the procedure that is described on this page. [The Add User button will not appear.] For further details, see Forcing SAML sign-in.

Admin-user access - Parent and child organizations

• An admin-user in a parent organization is able to access all the child organizations as well - even though the admin-user is not registered in the child organizations. This applies only when the parent organization is an MSSP-type organization. Admin-users in all other organization-types can access only the organizations in which they are registered - and not any child or sibling organizations in which they are not registered.

• An admin-user in a child organization can access that child organization only [and not the parent organization or any sibling organizations].

SSO using Google Chrome or Microsoft 365

Perception Point X‑Ray supports Single Sign-On (SSO) for standard admin users via Google Chrome and Microsoft 365 authentication. Users that are signed-in to their Google accounts or Microsoft 365 accounts will be able to access Perception Point X‑Ray without entering any credentials.

• This SSO option is available for standard admin users only - not to SAML admin users.

• You must first invite an admin user to Perception Point X‑Ray to enable the SSO functionality for the admin user.

• After an admin user has been invited to Perception Point X‑Ray, the admin user can access Perception Point X‑Ray using either of these options in the sign-in process:

  • Continue with Google

  • Continue with Microsoft 365

    

See also: 

• Setup