User Management

Manage team members, roles, and permissions in Hive.

Overview

User management allows administrators to:

  • Invite team members
  • Assign roles and permissions
  • Manage user access
  • Track user activity
  • Configure authentication

User Roles

Available Roles

Viewer:

  • View dashboard
  • View assets
  • View vulnerabilities
  • View reports
  • No modifications

Operator:

  • All Viewer permissions
  • Create engagements
  • Run scans
  • Manage assets
  • Add findings
  • Generate reports

Admin:

  • All Operator permissions
  • Manage users
  • Configure settings
  • Manage API keys
  • Manage integrations
  • Access audit logs

Custom Roles:

  • Define specific permissions
  • Granular access control
  • Role templates
  • Per-engagement permissions

Permission Matrix

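Permission            Viewer   Operator   Admin
View Dashboard        Yes      Yes        Yes
View Assets           Yes      Yes        Yes
View Vulnerabilities  Yes      Yes        Yes
View Reports          Yes      Yes        Yes
Create Engagements    No       Yes        Yes
Run Scans             No       Yes        Yes
Manage Assets         No       Yes        Yes
Generate Reports      No       Yes        Yes
Manage Users          No       No         Yes
Configure Settings    No       No         Yes
Manage API Keys       No       No         Yes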

Inviting Users

Invite Process

Steps:

  1. Navigate to Configuration → Users
  2. Click Invite User
  3. Enter email address
  4. Select role
  5. Select organization(s)
  6. Set permissions (if custom role)
  7. Click Send Invitation

📸 Screenshot: User invitation form

Invitation Email:

  • Sent to user's email
  • Contains invitation link
  • Expires in 7 days
  • Can be resent if expired

User Onboarding

New User Flow:

  1. Receives invitation email
  2. Clicks invitation link
  3. Creates account
  4. Sets password
  5. Configures MFA (recommended)
  6. Completes profile
  7. Accesses Hive

Managing Users

User List

View All Users:

  1. Navigate to Configuration → Users
  2. See all users in organization

User Information:

  • Name and email
  • Role
  • Status (active/inactive/pending)
  • Last login
  • Organizations
  • Permissions

Editing Users

Update User:

  1. Click user in list
  2. Click Edit
  3. Modify:
       • Role
       • Organizations
       • Permissions
       • Status
  4. Click Save

Editable Fields:

  • Role assignment
  • Organization membership
  • Custom permissions
  • Account status
  • Contact information

Deactivating Users

Deactivate User:

  1. Select user
  2. Click Deactivate
  3. Confirm action

Effects:

  • User cannot log in
  • API keys disabled
  • Active sessions terminated
  • Data remains
  • Can be reactivated

Reactivate User:

  1. Select deactivated user
  2. Click Reactivate
  3. User can log in again

Deleting Users

Delete User (Permanent):

  1. Select user
  2. Click Delete
  3. Confirm deletion

Warning:

  • Cannot be undone
  • User data may be retained for audit
  • Consider deactivating instead

User Groups

Creating Groups

Group Benefits:

  • Manage permissions in bulk
  • Organize teams
  • Simplify access control
  • Consistent permissions

Create Group:

  1. Navigate to Configuration → Groups
  2. Click Create Group
  3. Configure:
       • Group name
       • Description
       • Permissions
       • Members
  4. Click Create

Managing Groups

Group Actions:

  • Add/remove members
  • Update permissions
  • Rename group
  • Delete group

Group Membership:

  • Users can be in multiple groups
  • Permissions are cumulative
  • Most permissive wins
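How cumulative group permissions combine with a role, as an added example that is not Hive's own code. Role contents follow the Available Roles list; the permission strings, the helper names `effective_permissions` and `escalations`, and the sample groups are assumptions made for illustration.

```python
# Added illustration; permission strings and helper names are assumptions,
# not Hive identifiers. Role contents follow the "Available Roles" list.
VIEWER = frozenset({"view_dashboard", "view_assets",
                    "view_vulnerabilities", "view_reports"})
OPERATOR = VIEWER | {"create_engagements", "run_scans", "manage_assets",
                     "add_findings", "generate_reports"}
ADMIN = OPERATOR | {"manage_users", "configure_settings", "manage_api_keys",
                    "manage_integrations", "access_audit_logs"}
ROLES = {"viewer": VIEWER, "operator": OPERATOR, "admin": ADMIN}


def effective_permissions(user, groups):
    """Union of the role's permissions and those of every group the user is
    in. Groups can only add access; non-active users resolve to nothing."""
    if user["status"] != "active":
        return frozenset()
    perms = set(ROLES[user["role"]])
    for name in user.get("groups", ()):
        perms |= groups.get(name, frozenset())
    return frozenset(perms)


def escalations(user, groups):
    """Permissions held only through groups, mapped to the granting groups.
    These do not show up in the user's role, so an access review that
    looks at roles alone misses them."""
    if user["status"] != "active":
        return {}
    base = ROLES[user["role"]]
    found = {}
    for name in user.get("groups", ()):
        for perm in groups.get(name, frozenset()) - base:
            found.setdefault(perm, []).append(name)
    return {perm: sorted(names) for perm, names in sorted(found.items())}


# Constructed sample data.
GROUPS = {"red-team": frozenset({"run_scans", "add_findings"}),
          "onboarding": frozenset({"manage_users", "view_reports"})}
alice = {"role": "viewer", "status": "active",
         "groups": ["red-team", "onboarding"]}
bob = {"role": "admin", "status": "inactive", "groups": ["red-team"]}

if __name__ == "__main__":
    print(sorted(effective_permissions(alice, GROUPS)))
    print(escalations(alice, GROUPS))   # group-granted access beyond Viewer
    print(effective_permissions(bob, GROUPS))
```

In the sample, a Viewer ends up able to manage users purely through group membership, which is the case a periodic access review should look for.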

Authentication

Password Requirements

Default Policy:

  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
  • Cannot reuse last 5 passwords
  • Expires every 90 days (optional)
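A check of the default policy's composition and reuse rules, as an added example that is not Hive's own code. The PBKDF2 storage scheme, the iteration count, the definition of "special character" as ASCII punctuation, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12        # from the default policy
HISTORY_DEPTH = 5      # "cannot reuse last 5 passwords"
ITERATIONS = 100_000   # assumed KDF cost, kept modest so the example runs fast


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 (assumed storage scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def policy_violations(candidate, history):
    """List every default-policy rule the candidate breaks.

    `history` holds (salt, digest) pairs, oldest first. Only the newest
    HISTORY_DEPTH entries are checked, each by re-hashing the candidate
    with that entry's salt, so no plaintext history is needed."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    checks = [(str.isupper, "no uppercase letter"),
              (str.islower, "no lowercase letter"),
              (str.isdigit, "no number"),
              (lambda c: c in string.punctuation, "no special character")]
    for test, message in checks:
        if not any(test(c) for c in candidate):
            problems.append(message)
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, attempt = hash_password(candidate, salt)
        if hmac.compare_digest(attempt, digest):
            problems.append("matches one of the last 5 passwords")
            break
    return problems


# Constructed sample history: six old passwords, oldest first.
OLD = ["Winter#2019-aaa", "Spring#2020-bbb", "Summer#2021-ccc",
       "Autumn#2022-ddd", "Winter#2023-eee", "Spring#2024-fff"]
HISTORY = [hash_password(p) for p in OLD]

if __name__ == "__main__":
    print(policy_violations("short1!", HISTORY))
    print(policy_violations("Spring#2020-bbb", HISTORY))   # within last 5
```

The sixth-oldest password in the sample history passes the reuse check, since only the last 5 are compared.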

Admin Configuration:

  1. Navigate to Configuration → Settings → Security
  2. Configure password policy
  3. Save changes

Multi-Factor Authentication

MFA Options:

  • Authenticator app (TOTP)
  • SMS (if enabled)
  • Hardware token (Enterprise)
  • Backup codes

Enforce MFA (Admin):

  1. Go to Configuration → Settings → Security
  2. Enable Require MFA
  3. Set grace period
  4. Save

User MFA Setup:

  1. User menu → Profile
  2. Click Setup MFA
  3. Scan QR code
  4. Enter verification code
  5. Save backup codes
  6. Enable MFA

Single Sign-On (SSO)

SSO Configuration (Enterprise):

Supported Providers:

  • SAML 2.0
  • OAuth 2.0
  • Azure AD
  • Okta
  • Google Workspace
  • Custom SAML

Setup SSO:

  1. Navigate to Configuration → Settings → Authentication
  2. Select SSO provider
  3. Configure:
       • Identity provider URL
       • Certificate
       • Attribute mapping
  4. Test connection
  5. Enable SSO

User Activity

Activity Tracking

Tracked Activities:

  • Login/logout
  • Scan executions
  • Asset modifications
  • Report generation
  • Configuration changes
  • API usage

View Activity:

  1. Click user
  2. View Activity tab
  3. Filter by:
       • Date range
       • Activity type
       • Engagement

Audit Logs

Admin Access:

  1. Navigate to Configuration → Audit Logs
  2. View all user activities
  3. Filter and search
  4. Export logs

Audit Information:

  • Timestamp
  • User
  • Action
  • Resource
  • IP address
  • Result (success/failure)
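One way to triage an exported audit log using the six fields above, as an added example that is not Hive's own code. The CSV layout, the action names, the thresholds and the function name are assumptions; the documentation does not specify the export format.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. The CSV layout and the action names are
# assumptions; only the six field names come from the documentation.
SAMPLE = """timestamp,user,action,resource,ip_address,result
2024-05-01T09:00:00,alice,login,-,198.51.100.7,failure
2024-05-01T09:00:20,alice,login,-,198.51.100.7,failure
2024-05-01T09:00:41,alice,login,-,198.51.100.7,failure
2024-05-01T09:01:05,alice,login,-,198.51.100.7,success
2024-05-01T09:02:00,alice,manage_api_keys,key/12,198.51.100.7,success
2024-05-01T10:00:00,bob,login,-,203.0.113.9,failure
2024-05-01T10:30:00,bob,login,-,203.0.113.9,success
"""


def failures_then_success(text, threshold=3, window=timedelta(minutes=10)):
    """Flag logins that succeed after `threshold` or more failures for the
    same user inside `window`, and record what that session did next."""
    rows = sorted(csv.DictReader(io.StringIO(text)), key=lambda r: r["timestamp"])
    recent = defaultdict(deque)        # user -> timestamps of recent failures
    alerts, open_alert = [], {}        # open_alert: user -> alert being extended
    for row in rows:
        ts, user = datetime.fromisoformat(row["timestamp"]), row["user"]
        if row["action"] != "login":
            if user in open_alert and row["ip_address"] == open_alert[user]["ip"]:
                open_alert[user]["followed_by"].append(row["action"])
            continue
        fails = recent[user]
        while fails and ts - fails[0] > window:
            fails.popleft()            # drop failures older than the window
        if row["result"] == "failure":
            fails.append(ts)
            continue
        open_alert.pop(user, None)     # a new login ends the previous alert
        if len(fails) >= threshold:
            alert = {"user": user, "ip": row["ip_address"], "at": ts,
                     "failures": len(fails), "followed_by": []}
            alerts.append(alert)
            open_alert[user] = alert
        fails.clear()
    return alerts


if __name__ == "__main__":
    print(failures_then_success(SAMPLE))
```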

Session Management

Active Sessions

View Sessions:

  1. User menu → Profile
  2. Click Active Sessions
  3. See all active sessions

Session Information:

  • Device/browser
  • IP address
  • Location (approximate)
  • Last activity
  • Login time

Revoke Session:

  1. Select session
  2. Click Revoke
  3. Session terminated

Session Settings

Configure Sessions (Admin):

  1. Go to Configuration → Settings → Security
  2. Set:
       • Session timeout (default: 30 min)
       • Max session duration (default: 8 hours)
       • Concurrent sessions (allow/deny)
       • Remember me duration (default: 30 days)
  3. Save

Best Practices

User Management

Least Privilege: Minimum necessary permissions
Regular Review: Audit users quarterly
Prompt Removal: Deactivate when leaving
Strong Passwords: Enforce password policy
Enable MFA: Require for all users

Role Assignment

Appropriate Roles: Match role to responsibilities
Custom Roles: Use for specific needs
Document Decisions: Note why roles assigned
Review Regularly: Verify still appropriate
Temporary Access: Use time-limited permissions

Security

Monitor Activity: Review audit logs
Investigate Anomalies: Check unusual activity
Enforce MFA: Require two-factor authentication
Session Timeouts: Use reasonable timeouts
Regular Training: Educate users on security

Troubleshooting

User Can't Log In

Check:

  • Account is active
  • Password is correct
  • MFA is configured
  • Account not locked
  • Email verified

Invitation Not Received

Verify:

  • Email address correct
  • Check spam folder
  • Invitation not expired
  • Resend invitation

Permission Issues

Confirm:

  • Correct role assigned
  • Organization membership
  • Custom permissions set
  • Group permissions
  • Engagement-specific permissions

