User Account Settings

This topic describes the settings for DMARC Protection user accounts.

User Information

Setting: Description
Full Name: The user’s full name for display, as shown in the list of users, at the top of each page while the user is logged in, and in the audit logs of activity.
Email: The user’s email address, which is used for the user’s login credentials as well as the destination address for reports and alerts. Note that this email address is used for the invitation email with the initial activation token.
Default Dashboard: Select the Dashboard that displays to the user upon login.
Secondary Authentication

If your organization uses single sign-on (SSO), this option determines whether secondary authentication (username and password) is optional or required. If you do not select this option, SSO is always used, and if the SSO provider is unavailable at the moment of sign-in, application access is not possible. If you select this option, you are then given two additional options:

  • Only when SSO fails: The user is prompted with a password field if the SSO provider fails
  • Exclusively (do not authenticate with SSO): The user is always prompted for a password (SSO is not used)

Roles

Roles define what functionality of DMARC Protection a user can access, and each role is defined by specific and unique access permissions. At least one role must be selected for a user.

The role list is hierarchical in that selecting a role selects every role below it automatically, but roles do not inherit the permissions of the roles beneath them. You can clear individual roles for a user underneath any selected role, but clearing certain combinations may result in unexpected user interface behavior.

There are 2 categories of user roles:

  • Administrator Roles: Can make changes to settings in your organization
  • Read-only Roles: For receiving alerts or viewing data

Role: Description

Administrator Roles

Organization Administrator: Manage organization level settings. This includes setting password rules for your organization, setting session expiration times, setting the data collection policy, and setting restrictions on IP-based access control lists for DMARC Protection users.
Domain Policy Administrator: Manage domain level settings. This includes adding, editing, or deleting domains or Custom Domain Groups from your organization and editing the Sender Inventory for your organization.
Threat Administrator: Manage threat level settings. This includes configuring your organization’s Threat Feed and editing your organization’s URI allow list.
User Administrator

Manage users, including adding, editing, or deleting users in your organization.

When you create a User Admin, you must assign the types of roles this Admin can give to users (see Role usage examples below).

Read-Only Roles
Auditing User: View audit logs for your organization and users in your organization.
Readonly User: View data and schedule reports in the web portal.
Report User

Receive scheduled reports and alerts.

NOTE: A user with only this role assigned cannot view data directly in DMARC Protection. Such users can only receive emailed reports that are scheduled by other users, receive emailed alerts when subscribed by other users, and view the list of reports subscribed to.

To create an account for sending reports or notifications to a mailing list rather than a person, create and invite a user as normal. Then, in the Users list, click the user’s name to edit that user, add a strong password, and click Update. The fictitious user is now activated and available for receiving reports.

Threat Feed Submission API User

Retrieve only threat feed data through the DMARC Protection application programming interface (API), using the threat_feed_submissions endpoint. This allows third-party takedown vendors to access only the specific information they need, without broader API access such as to failure sample data that could include personal information.

User accounts that are assigned this role should be assigned only this role. User accounts that are assigned only this role do not have access to the DMARC Protection product, any other APIs, or the API documentation.

To use the user account with this role to access the API for threat feed data, obtain the access token and the endpoint URL from your administrator.

Domain Access

By default, new user accounts will be assigned access to All Domains.

You can limit user access to specific domains by assigning the user access to a custom Domain Group:

Click on the arrow next to Domain Access to select specific domain groups.

View the available domain groups, and select one or more custom Domain Groups from the list.

The user will only be able to

  • See information about domains
  • View only the reports
  • Receive alerts

for the set of domains that are part of the selected domain groups.

For example, users with domain-specific access can only see data related to the domain(s) to which they have access, so their view of the Email Traffic analysis "What does my DMARC trend look like?" will differ from the view available to users with access to all domains.
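
The role, secondary authentication, and domain access rules above can be turned into a periodic account review. The following is an added example, not part of the product or its documentation: the record layout, the secondary_auth values, and the two review policies marked in the comments are assumptions made for illustration.

```python
# Added example: account review checks based on the role rules on this page.
# The record layout and secondary_auth values are hypothetical, not a product export.
ADMIN_ROLES = {"Organization Administrator", "Domain Policy Administrator",
               "Threat Administrator", "User Administrator"}
READ_ONLY_ROLES = {"Auditing User", "Readonly User", "Report User"}
API_ROLE = "Threat Feed Submission API User"
ALL_DOMAINS = "All Domains"  # default domain access for new accounts

def review_account(acct):
    """Return review findings for one account record (empty list = nothing to flag)."""
    roles = set(acct["roles"])
    findings = []
    if not roles:
        findings.append("no role selected; at least one is required")
    if API_ROLE in roles and roles != {API_ROLE}:
        extra = ", ".join(sorted(roles - {API_ROLE}))
        findings.append(f"API role should be the only role; also has: {extra}")
    # Review policy assumed here: administrators should not bypass SSO.
    if roles & ADMIN_ROLES and acct["secondary_auth"] == "exclusive":
        findings.append("administrator signs in by password only; SSO is not used")
    # Review policy assumed here: read-only accounts should be scoped to domain groups.
    if roles and roles <= READ_ONLY_ROLES and ALL_DOMAINS in acct["domain_groups"]:
        findings.append("read-only account keeps the default All Domains access")
    return findings

def audit(accounts):
    """Map account name -> findings, for accounts with at least one finding."""
    results = {a["name"]: review_account(a) for a in accounts}
    return {name: f for name, f in results.items() if f}

# Constructed sample records (secondary_auth: None, "on_sso_failure" or "exclusive").
SAMPLE = [
    {"name": "alice", "roles": ["Organization Administrator"],
     "secondary_auth": "on_sso_failure", "domain_groups": [ALL_DOMAINS]},
    {"name": "takedown-vendor", "roles": [API_ROLE, "Readonly User"],
     "secondary_auth": None, "domain_groups": [ALL_DOMAINS]},
    {"name": "bob", "roles": ["User Administrator"],
     "secondary_auth": "exclusive", "domain_groups": [ALL_DOMAINS]},
    {"name": "reports-list", "roles": ["Report User"],
     "secondary_auth": "exclusive", "domain_groups": [ALL_DOMAINS]},
    {"name": "carol", "roles": ["Readonly User"],
     "secondary_auth": None, "domain_groups": ["Brand Group A"]},
    {"name": "dave", "roles": [], "secondary_auth": None, "domain_groups": [ALL_DOMAINS]},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```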