Skip to content

User Management

Only Org Admins can access User Management within the NodeZero Portal.

Each new user must be invited to a company account. If a user accesses the NodeZero Portal via social login or private SSO without an invite, this creates a personal, read-only account. By default, this personal account does not have access to any company accounts.

A user with Portal Org Admin access can send an invite to enable the user to switch from their personal account to their company account. The company account will become the default for all of that user's future logins.

NodeZero User Access and Control

Portal Login Types

The NodeZero Portal supports the following login types.

Username and Password

This login type requires MFA (multi-factor authentication).

Social Logins

The NodeZero Portal supports:

Info

NodeZero Federal requires customer‑managed single sign‑on (SSO) via your own identity provider. This product does not support local email/password or social login methods.

User Management Settings

Users with Portal Org Admin access are able to manage users and SSO provider settings, via the User Management menu.

To access the User Management menu, click the user profile button at the NodeZero portal's top right, then select Settings.

Access user management from user profile button

Next, click User Management.

User management tab

Add Users

Click the + User (Add User) button to add users to your company account. All fields are required. Pay careful attention to the Role field to ensure that you're selecting the appropriate level of Portal access.

Add users button

Add User form - Name, Email, and Role (dropdown) fields

Portal Access Roles

The available NodeZero Portal access roles are:

  • Org Admin – Full access to the company account.

  • User – Access to run, schedule, and view pentests.

  • Readonly – Access to only view previous pentest results.

Where Portal Org Admins already have a Basic username/password account, they will retain their username/password access to the NodeZero Portal even if SSO Only is enabled for the company account to which they belong. If you want to enforce Org Admins' login via SSO only, not username/password, please contact your Customer Success representative.

User Notifications

When a user is added without SSO, they will receive two emails to the email address provided in the Add User form: a welcome email, and an email with temporary credentials to complete their account registration.

If SSO Only is enabled for a company account, the user will receive a single welcome email. This will direct them to follow whatever NodeZero Portal login processes their company has in place, via their identity provider.

Edit or Delete Users

You can edit or delete existing users by clicking the Actions menu (⠇) to the left of the user's name.

User options dropdown (edit, delete)

Next, select the appropriate action: Edit User or Delete User.

If you are using the Tripwires or Rapid Response feature, you can enable or disable users' access from the Edit User selection.