Enabling automatic user deprovisioning
This article describes the Automatic User Deprovisioning feature and its benefits.
Pre-Requisites
- You must be a partner administrator for both BullPhish ID and KaseyaOne.
- You must have login credentials for BullPhish ID and KaseyaOne. If you do not have them, contact your administrator.
- You must have the same email address for BullPhish ID and KaseyaOne accounts.
- Before the Automatic User Deprovisioning feature can be enabled, the Enable Log In with KaseyaOne toggle must be activated.
Automatic User Deprovisioning feature
The Automatic User Deprovisioning feature automatically deactivates a user in BullPhish ID when the user is deactivated or deleted in KaseyaOne.
NOTE Users cannot be deleted in BullPhish ID. Therefore, if a user is deleted in KaseyaOne, the user will be deactivated in BullPhish ID.
When enabled, the feature provides the following benefits:
- When you deactivate or delete users in KaseyaOne, you no longer need to manually deactivate each user in BullPhish ID, resulting in a more efficient offboarding process.
- It helps prevent security and billing issues. If you don’t enable the Automatic User Deprovisioning feature, security and billing concerns may occur when user accounts are offboarded in KaseyaOne but the accounts are mistakenly left active in BullPhish ID.
You enable the Automatic User Deprovisioning feature on the KaseyaOne tab on the MSP's Settings page.
User Access table
The User Access table lists your organization’s users and includes the following information:
- Name: User’s name.
- Email: User’s email address.
- Account Type: User’s assigned user role.
- Account Status: Indicates whether the user account is enabled in BullPhish ID.
- Phishing Access: If selected, the user has access to the Phishing Simulation module.
- Training Access: If selected, the user has access to the Training & Awareness module.
- Last Login: Date and time the user last logged into BullPhish ID.
NOTE User account status in BullPhish ID is separate from user account status in DarkWeb ID.
Partner User Access table
At the MSP level, the table is called the Partner User Access table and is accessed via the Partner User Access tab on the Settings page.
SMB User Access table
At the organization level, the table is called the SMB User Access table and is accessed on the organization’s Settings page.
Notes:
This information applies to both the Partner User Access table and the SMB User Access table.
- Only the module information for which the organization has a subscription is displayed. In this example, the organization has a phishing subscription but not a training subscription. Therefore, the Training Access column is not displayed.
- The logged in user’s own record is locked, meaning the user cannot edit or delete their own record. In this example, EJ is logged in and therefore, the corresponding record is locked.
Partner Administrator
A Partner Administrator can add users, edit data (e.g, enable/disable users, enable/disable access to phishing and training modules) in the Partner User Access table and the SMB User Access table.
Partner Agent
- A Partner Agent can only view data in the Partner User Access table.
- A Partner Agent can add users, edit data (e.g, enable/disable users, enable/disable access to phishing and training modules) in the SMB User Access table.
Privileged User
A Privileged User can add users, edit data (e.g, enable/disable users, enable/disable access to phishing and training modules) in the SMB User Access table.
When you edit user information in the Partner User Access table or the SMB User Access table, the changes are reflected in the Edit User modal. For example, if the user’s Phishing Access check box is cleared (so it is not selected), in the Edit User modal for this user, access to the Phishing Simulation module will be disabled.
SMB User Access table
Edit User modal
NOTE When a user’s Status is Inactive, the Save and Send Welcome Email button is inactive.
This section describes the outcome of actions you may take involving a user’s Account Status when the Automatic User Deprovisioning feature enabled. The scenarios apply to both the Partner User Access table and the SMB User Access table.
- Scenario 1: The user’s Account Status, Phishing Access, and Training Access are enabled. Then, you delete or disable the user in KaseyaOne.
Outcome: The user’s Account Status is disabled in BullPhish ID and access to the Phishing and Training modules is disabled as well.
Note: Disabling the user manually in the User Access table or in the Edit User modal disables access to the Phishing and Training modules.
It is important to note that although the Phishing and Training modules have been disabled, their settings have been retained (the modules are still selected).
If Account Status were enabled again for this user, access to the Phishing and Training modules would be enabled as well. - Scenario 2: The user’s Account Status is enabled but only one module is enabled. Then, you delete or disable the user in KaseyaOne.
In this example, the user’s access to the Phishing module is enabled but access to the Training module is disabled.
Outcome: The user’s Account Status is disabled in BullPhish ID and access to the Phishing module is disabled as well. Note that the Phishing module setting is retained.
Note: Disabling the user manually in the User Access table or in the Edit User modal has the same outcome. - Scenario 3: The user’s Account Status, Phishing Access, and/or Training Access are enabled. Then, in BullPhish ID, you disable the user’s access to all modules that are currently enabled.
In this example, the user’s access to the Phishing and Training modules is enabled.
Outcome: When the user’s access to the Phishing module and Training module is disabled, the user’s Account Status is automatically disabled.