This article describes how to manage users and groups in Panopta, including creating users and setting up access control levels and system roles. Select Settings > Users, Groups & On-Call from the navigation bar to access the page.
Users and groups
User accounts, groups, and on-call schedules in Panopta are managed in the Users, Groups & On-Call page. You can use this page to add, edit, or delete users and groups to your Panopta account.
The following table provides a description of the fields available in a user account.
|Name ||The user's name. The name defined here will be used in the control panel and in all communications.|
|Timezone ||The user's timezone.|
|Account type||Indicates whether the user can log in and access the control panel (Control Panel Access) or merely receives notifications (Alerting Only). |
Further access refinements for those with Control Panel Access can be made in the Access control section below.
|Tags ||(Optional) User tags are used to restrict access to dashboards.|
|Default dashboard||(Optional) If a default dashboard is selected, the user will be redirected to this dashboard when they log in to Panopta.|
|ACL roles||The scope of actions and infrastructure the user has access to within Panopta. Learn more about access control here.|
|Contact information||The |
Contact Information pane allows you to add various contact methods for the user, which are then later used in Alert Timelines. However, only email is required.
Note: By default, only accounts with the Account Admin role can add, delete, and modify users. Create or clone a custom role if you want to add these permissions to users but not necessarily have all the permissions of an Account Admin.
See Add users to your account for more information about adding users to your account.
To streamline management of users you assign to Alert Timelines, you can optionally add multiple users to alerting groups. Instead of assigning users one by one to a timeline, you can create a group and assign that group to the timeline. For example, if you have a group of Linux admins that you want to assign to an Alert Timeline for Linux servers, you can create a group called Linux Admins and assign that group to the timeline. If an incident occurs, all members of the group will be alerted.
To create and manage groups, see Create a Group.
Panopta's access control (ACL) provides you with the ability to control which actions a team member can perform in Panopta. The system is driven by roles, which are logical groupings of actions that a user can perform.
||Note: A user can have multiple roles. These roles are layered on top of one another. For example, a user can both have the Dashboard Admin and Server Admin roles.
Panopta provides the following system roles out of the box:
|Account Admin||Able to perform any activity within Panopta|
|Server Admin||Able to perform most activities, with the exception of user, integration, and API management, as well as a few other ancillary activities|
|Dashboard Admin||Full management of dashboards|
|Dashboard Viewer||Read-only access to dashboards|
|Incident Responder||Slightly more advanced than a read-only user. Allows the user to view instances, start maintenance, pause monitoring, and more|
|Billing Admin||Access to billing only|
|API Full Access||Full access to API functionality, including read and write operations |
|API Read-only Access||Read-only access to all API operations|
See Access control for more information.
You can create a custom role if you want to fine-tune the roles you use in Panopta. Custom roles can be comprised of any number of actions that are available in Panopta. For instance, you may want a role that allows a user to view and edit instances, but read-only access for network devices. When creating a custom role, you may choose to either start from scratch or clone an existing role.
See Add Custom roles for more information.
You can create, modify, or view On-Call schedules in the Users, Groups & On-Call page.
For more information, see Set up an On-Call schedule:
Single Sign-On (SSO)
Setting up SSO for your Panopta account allows you to use credentials configured in your organization's internal authentication tool (Active Directory, SAML, Okta). When you use SSO, users can benefit from not specifying separate credentials when logging into Panopta. Administrators can also save time by having a central management location for user accounts and authentication. To set up and use SSO, select Settings > Integrations then follow the steps provided in Single sign-on (SSO).
During SSO configuration, you have several options to control what happens when new users with your SSO credentials log in for the first time to Panopta. This includes:
- New user notification - The user to notify when a user logs in for the first time.
- Auto-create users - Select this option to automatically add users the first time they log in. If this option is not selected, new users will not be able to log in until approved by an administrator.
- Default roles for new users
- Assign roles manually - Manually select a role to assign to new users. You can select more than one role. See Access Control.
- Assign roles based on SAML mapping - Automatically assign roles to new users based on the configured SAML mapping. See SSO-based roles for more information.
- Default timezone - The timezone to assign to the new user.
These options are available under the User Configuration module. See Single sign-on (SSO) for more information.
Creating Users, Groups, and On-call Schedules video