Skip to content

Excalibur Enterprise Roles Description

Introduction

This document describes roles in Excalibur Enterprise and relations between them. User and Manager roles are set up by Active Directory and Administrator, Auditor and Service Desk are set up by Excalibur Dashboard.

Despite multiple User roles a User might have, everyone is logged into the Dashboard under the User role by default. Regular User only sees his / hers own Actions and Sessions. A deployed Excalibur instance always has at least one User with the Administrator role assigned.

In Dashboard User Interface (UI) in the top left corner, there is a drop-down menu to choose among different User Roles assigned to the User. Each Role implies its own range of capabilities available in the Dashboard.

Roles in Excalibur are created in two ways. The first is setting from Active Directory (AD) where the user is defined with his/her level on the company's hierarchy. By default, each account created in the Active Directory has a user role in the Excalibur. Manager role and relation between peers are defined too. Second way is to assign the roles for users in the Excalibur dashboard such as Administrator, Service desk and Auditor. In case that User, Manager, Auditor or Service role are combined with Administrator role, then they are able to edit fields in non-admin role page, or are redirected to Administrator role page.

How to assign a Manager role in Active Directory

  1. Login to your AD server
  2. Open Server Manager and select Tools > Active Directory Administrative Center
  3. Select user from the list and open user details
  4. Add a manager role by selecting other user account

  5. If you want to assign a manager for this user, click on the Edit button on Organization tab part Manager. Fill the name of the manager and confirm it.

If users have the same manager, then users are peers.

  1. If you want to assign subordinates to manager, click on the Add button next to Direct reports and fill name of subordinates and save it

How to assign role in Excalibur Dashboard

Only Excalibur Administrator can assign the role in Excalibur Dashboard. The procedure how to assign the role for user is following:

  1. Firstly, User have to be assigned to the User group. Procedure how to assign a user to group is described in Excalibur Administrators Dashboard Manual
  2. Go to Security section and click on Roles
  3. Select role which you want assign for User group
  4. By clicking on + or - button on the right side you can add or remove user groups from / to list.
  5. Select the group from the list and confirm by the Add or Remove button.

Roles description

User

By default, each account which is created in Active Directory has a user role. User is a person, an end-user who uses Excalibur to Authenticate and Authorize against Company’s Client(s) and integrations, utilizing his/hers personal Token, and if available on a given Client, manage his/hers sessions. User might also Verify his/hers colleagues (if allowed and required), Reset his/hers own authentication factors, as well as expired password on a Client (if applicable). Every user can also log into the Dashboard, where a regular User only sees his/hers own Actions and Sessions. Detailed description for User Dashboard interface is in Excalibur User’s Dashboard Manual document.

User: Section Summary

Overview

SectionDescription
Own Overview Contains user’s Sessions, Actions, Incidents, Tokens, Computers, Accounts, Policies, Groups, Roles and Subordinates organized in tabs.
Actions List of all Actions took by a user, such as Authentication, Authorization, Verification, Registration, Factor reset and Tokenless Authentication.
SessionsList of all Logged, Active, and Manual sessions, as well as their History.
PAMList of PAM resources which are assigned to user

Manager

Manager is a person who uses Excalibur to Authenticate and Authorize against Company’s Client(s) and integrations, utilizing his/hers personal Token, and if available on a given Client, manage his/hers sessions. Manager might also Verify his/hers colleagues or subordinates (if allowed and required), Reset his/hers own authentication factors, as well as expired password on a Client (if applicable). Every manager can also log into the Dashboard, where a regular Manager can see his/hers own Actions and Sessions. Manager can see and manage settings of his/her subordinates who are managed by him/her. Manager role is set up in the Active Directory by adding subordinates to User account.

Manager: Sections summary

Overview

SectionDescription
Overview Page with statistics tabs which provide information about Actions, Devices, Sessions and incidents. They can be shown by date interval.
Users List of all subordinates who are assigned to manager. Manager sees name of geofence fromwhere is user logged.
Timeline Summary view of subordinates activity during a given day.
Actions List of all actions took by subordinates.
Sessions List of all managers and subordinates logged, active, and manual sessions, as well as their history.
Computers List of all computers at manager group, with their names, Excalibur version, OS and current status information.
PAM List of PAM resources which are assigned to user

Security

SectionDescription
Incidents Lists of all registered incidents by manager group in Excalibur.
Verifications List of all verifications that happened or are currently happening at manager group in Excalibur.

Status

SectionDescription
Versions List of all Operating System (OS) versions, Statuses and Excalibur versions (version of a respective component) of every device in manager group, as well as a summary of all versions currently used.
Errors Lists of all errors that happened in the manager group under every component.

Administrator

Administrator is a person in the company who has access to all settings at Excalibur Dashboard and who is responsible for the administration of Excalibur system. Administrator can manage all settings in the Excalibur Dashboard. Detailed description for Administrator Dashboard interface is in Excalibur Administrator’s Dashboard Manual document

Administrator: Sections summary

Overview

SectionDescription
Overview Page with statistics, which provides information about Actions, Devices, Sessions and incidents. They can be shown by date interval. There is a tab with server information too. Server can be rebooted from this place and show Logs from Active Directory Facade.
Users List of all Active Directory users with their registered Tokens. Administrator sees name of geofence fromwhere is user logged.
Timeline Summary view of users activity during a given day.
Actions List of all actions took by every user.
Sessions List of all logged, active, and manual sessions, as well as their history.
Computers List of all computers with their names, Excalibur version, OS and current status information.
Components Lists of all currently deployed Excalibur components and their versions.
PAM List of all PAM resources. Administrator can create PAM resources, sees File transfer and cen search a words in PAM session as wel as preview a recorded PAM sessions
SAMLPage for SAML setup

Groups

SectionDescription
Users List of all groups of users created in Excalibur.
Computers List of all computers groups created in Excalibur.
Geofences List of all groups of geofences created in Excalibur.

Security

SectionDescription
Roles List of all roles from the company's Active Directory.
Security policies Page to view, edit, add or remove individual policies.
Incidents Lists of all registered incidents in Excalibur.
Verifications List of all verifications that happened or are currently happening in Excalibur.
Geofences Page which serves to manage existing and create new geofences in Excalibur.
Audit Page which provides information about changes in a list.
Logger Logger tab provides information about each action of the user's token as well as statistic of login pervormance and logining.

Status

SectionDescription
Versions List of all Operating System (OS) versions, Statuses and Excalibur versions (version of a respective component) of every device in Excalibur ecosystem, as well as a summary of all versions currently used.
API Access tokensSetting page for API tokens
Syslog Lists of all errors that happened in Excalibur under every component.

Auditor

Some companies can require a role for a person who will control the settings of Excalibur. For this case is the Auditor role in Excalibur. This person has access to Excalibur Dashboard like as Administrator but the Auditor can't execute changes of settings. Auditor sees locatiom fromwhere the user executes action

Auditor: Sections summary

Overview

SectionDescription
Overview Page with statistics tabs which provide information about Actions, Devices, Sessions and incidents. They can be shown by date interval. There is a table with server information.
Users List of all Active Directory users with their registered Tokens. Auditor sees name of geofence fromwhere is user logged.
Timeline Summary view of users activity during a given day.
Actions List of all actions took by every user.
Sessions List of all logged, active, and manual sessions, as well astheir history.
Computers List of all computers with their names, Excalibur version, OS and current status information.
Components Lists of all currently deployed Excalibur components and their versions.
PAM List of all PAM resources. Auditor sees PAM detial, File transfer and cen search a words in PAM session as wel as preview a recorded PAM sessions.

Groups

SectionDescription
Users List of all groups of users created in Excalibur.
Computers List of all computers groups created in Excalibur.
Geofences List of all groups of geofences created in Excalibur.

Security

SectionDescription
Roles List of all roles from the company's Active Directory.
Security policies Page to view, edit, add or remove individual policies.
Incidents Lists of all registered incidents in Excalibur.
Verifications List of all verifications that happened or are currently happening in Excalibur.
Geofences Page which serves to manage existing and create new geofences in Excalibur.
Audit Page which provides information about changes in a list.
Logger Logger tab provides information about each action of the user's token as well as statistic of login pervormance and logining.

Status

SectionDescription
Versions List of all Operating System (OS) versions, Statuses and Excalibur versions (version of a respective component) of every device in Excalibur ecosystem, as well as a summary of all versions currently used.

Service desk

Service desk is role for technical support of Users. Sevice desk has same access to Excalibur dashboard like Administrator, but It has restricted access to edit data in account and fields such as Policies, Groups, etc.

Service desk: Sections summary

Overview

SectionDescription
Overview Page with statistics tabs which provide information about Actions, Devices, Sessions, Incidents and Report. They can be shown by date interval.
Users List of all Active Directory users with Excalibur app installed and registered into Excalibur. Service desk sees that geofence fromwhere is user logged is checked.
Timeline Summary view of users activity during a given day.
Actions List of all actions took by every user.
Sessions List of all logged, active, and manual sessions, as well as their history.
Computers List of all computers with their names, Excalibur version, OS and current status information.
Components Lists of all currently deployed Excalibur components and their versions.
PAM List of all PAM resources. Service desk sees PAM detial, File transfer and cen search a words in PAM session as wel as preview a recorded PAM sessions.

Groups

SectionDescription
Users List of all groups of users created in Excalibur.
Computers List of all computers groups created in Excalibur.
Geofences List of all groups of geofences created in Excalibur.

Security

SectionDescription
Roles List of all roles from the company's Active Directory.
Security policies Page to view, edit, add or remove individualpolicies.
Incidents Lists of all registered incidents in Excalibur.
Verifications List of all verifications that happened or are currently happening in Excalibur.
Geofences Page which serves to manage existing and create new geofences in Excalibur.
Logger Logger tab provides information about each action of the user's token as well as statistic of login pervormance and logining.

Status

SectionDescription
Versions List of all Operating System (OS) versions, Statuses and Excalibur versions (version of a respective component) of every device in Excalibur ecosystem, as well as a summary of all versions currently used.

Peer

Peer is a special term which is used in policy for verification of users. Peer is not a real role, but it means that user’s accounts created in Active Directory are on the same hierarchy and have the same manager. Users without the same assigned manager are not peers.