How to Manage Users and Authentication in Cado

In the Cado platform, you can control user access to both processed data and raw data stored in the cloud, ensuring users only access the data they need.

Cado Platform Roles

Role-based access control (RBAC) ensures that only authorised individuals can access specific features and data, based on the permissions defined for the role they are assigned.

User Types

| User Role | Description |
| --- | --- |
| Administrator | Ability to access all functionality in the Cado platform |
| Platform Administrator | A more restricted set of permissions than Administrator, with a focus on operational aspects of the platform including upgrades, account management, and troubleshooting. |
| Lead Analyst | A restricted set of permissions with a focus on managing investigations including user access and taking response actions |
| Analyst | A more restricted permission set than the Lead Analyst role, with a focus on conducting investigations including acquiring and analysing evidence |

Role Permissions Matrix

The table below breaks down the permissions available to each role and their levels of access.

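| Permission Group | Permission | Administrator | Platform Administrator | Lead Analyst | Analyst |
| --- | --- | --- | --- | --- | --- |
| Response Actions | View response actions | | | | |
| | Create/Delete/Update response actions | | | | |
| | Invoke response action | | | | |
| Alarms | View alarms | | | | |
| | Create/Delete alarms | | | | |
| Audit Log | View and download audit log | | | | |
| | View audit log history | | | | |
| Authentication | Authenticate to the platform | | | | |
| API Keys | View API keys | | | | |
| | Create API keys | | | | |
| | Delete API keys | | | | |
| Cloud Accounts | View cloud accounts | | | | |
| | Create/Delete cloud accounts | | | | |
| Detections | View detections | | | | |
| | Export detections | | | | |
| | View detection rules | | | | |
| | Create/Delete/Update detection rules | | | | |
| | Create investigation from detection | | | | |
| Investigations | View investigation and associated data | | | | |
| | Create/Delete/Update associated investigation data | | | | |
| | Delete all investigations | | | | |
| | Create investigation | | | | |
| | Delete investigation | | | | |
| Evidence | Import evidence and data | | | | |
| | Download evidence | | | | |
| License | View platform license | | | | |
| | Delete/Update platform license | | | | |
| Metrics | View platform metrics | | | | |
| Notifications | Delete all notifications | | | | |
| | View platform notifications | | | | |
| | Delete specified notification | | | | |
| Saved Scripts | Invoke saved script and commands | | | | |
| Settings | View intelligence | | | | |
| | Delete/Update intelligence | | | | |
| | View settings | | | | |
| | Create/Delete/Update settings | | | | |
| | View authentication settings | | | | |
| | Update authentication settings | | | | |
| | Create/Delete/Update scripts | | | | |
| | View scripts | | | | |
| Saved Queries | View saved queries | | | | |
| | Create/Delete/Update saved queries | | | | |
| Webhooks | View webhooks | | | | |
| | Create/Delete/Update webhooks | | | | |
| System | Upgrade and reboot the platform | | | | |
| | View and download system logs | | | | |
| | View platform details and health status | | | | |
| Platform Status | View platform status | | | | |
| Pipelines | View pipeline details | | | | |
| | Cancel pipeline | | | | |
| | View and download pipeline logs | | | | |
| | Rerun pipeline | | | | |
| | Cancel all pipelines | | | | |
| Users | View all users | | | | |
| | Create/Delete/Update users | | | | |
| | View user details | | | | |
| | Update user details | | | | |
| EULA | Sign EULA | | | | |
| Groups | View user groups | | | | |
| | Create/Delete/Update user groups | | | | |
| Workers | View worker details | | | | |
| | Terminate worker | | | | |
| Roles | View roles | | | | |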

Configuring Single Sign-On (SSO)

Cado supports SSO integration with Azure AD, Okta (OAuth or SAML), and PingID. When SSO is configured, the Cado platform automatically creates the user at first login. By integrating SSO, you can enforce authentication mechanisms such as two-factor authentication supported by your SSO provider.

Managing Accounts

Accounts in Cado correspond to cloud accounts in AWS, Azure, or GCP that have the necessary permissions to access cloud resources. Only Administrators can manage accounts. These accounts are automatically populated when CSP credentials are added, following instructions for AWS, Azure, and GCP.

It’s recommended to perform Account Checks periodically to ensure correct permissions are in place for successful data acquisitions. See Account Check for more details.

Managing Groups

Groups allow Administrators to manage user access to investigations and cloud resources. Only Administrators can create or manage groups.

To create a new group:

  • Go to Groups.
  • Click Add Group.
  • Enter the group name.
  • Enter the corresponding SSO group name to auto-assign users who log in via SSO.
  • Assign users and select the CSP Accounts the group should have access to.

Creating a New User

Only Administrators can create new users. When a new user is created, a temporary password must be set, which the user will be required to change upon first login.

To add a new user:

  • Go to Teams.
  • Click Create User.
  • Assign the user a role from the dropdown.
  • Click Add new user.

Granting Administrator Access

To grant Administrator access to a user:

  • Go to Teams.
  • Next to the user, click the Edit icon.
  • Assign the user a role from the dropdown.
  • Click Confirm.

Caution: Follow the principle of least privilege when creating users and assigning Administrator access.
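
An access review over the group model described above, as an added example that is not Cado's own code or API: it resolves which cloud accounts each user reaches through direct or SSO-mapped group membership, then flags accounts granted by more than one group and an Administrator count above a threshold. The data layout, exact-name SSO matching, the `max_admins` threshold and all sample names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Group:
    name: str
    sso_group: Optional[str]   # SSO group name entered on the group (None if unmapped)
    members: frozenset         # users assigned to the group directly
    csp_accounts: frozenset    # cloud accounts the group can access

def effective_accounts(user, sso_claims, groups):
    """Map each reachable cloud account to the groups that grant it."""
    access = {}
    for g in groups:
        # Assumption: an SSO group claim matches a group by exact name.
        if user in g.members or (g.sso_group and g.sso_group in sso_claims):
            for account in g.csp_accounts:
                access.setdefault(account, []).append(g.name)
    return access

def review(users, groups, max_admins=1):
    """Return least-privilege findings as (user, issue) tuples."""
    findings = []
    admins = sorted(u for u, info in users.items() if info["role"] == "Administrator")
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} Administrators: {', '.join(admins)}"))
    for user, info in sorted(users.items()):
        granted = effective_accounts(user, info["sso"], groups)
        for account, via in sorted(granted.items()):
            if len(via) > 1:
                # Removing the user from one group would not revoke this access.
                findings.append((user, f"{account} granted by {' and '.join(sorted(via))}"))
    return findings

# Constructed sample data: group, user and account names are hypothetical.
GROUPS = [
    Group("ir-prod", "idp-ir-team", frozenset({"alice"}), frozenset({"aws-prod", "azure-prod"})),
    Group("ir-dev", None, frozenset({"bob"}), frozenset({"aws-dev"})),
    Group("cloud-ops", "idp-cloud-ops", frozenset(), frozenset({"aws-prod"})),
]
USERS = {
    "alice": {"role": "Administrator", "sso": {"idp-ir-team", "idp-cloud-ops"}},
    "bob": {"role": "Analyst", "sso": set()},
    "carol": {"role": "Administrator", "sso": {"idp-cloud-ops"}},
}

if __name__ == "__main__":
    for user, issue in review(USERS, GROUPS):
        print(f"{user}: {issue}")
```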

Granting Access to an Investigation

To grant a user or group access to an existing investigation:

  • Go to Investigations and select the investigation.
  • Click the Investigation Settings button.
  • Assign Users from the dropdown.
  • Assign Groups from the dropdown.
  • Click Save Changes.

Password Policy

Passwords:

  • May contain special characters.
  • Must be at least 8 characters long, including 1 number and 1 uppercase letter.
  • Must not be a commonly used password.