Manage Users
The Users page lets you view, edit, disable, and delete user accounts. Use it to maintain your team roster, adjust roles as responsibilities change, and revoke access when team members leave.
INFO
Requires Super Admin role.
Viewing Users
Navigate to Team Management > Users to see all user accounts in your organization.
The users list displays:
| Column | Description |
|---|---|
| Name | The user's display name. |
| Email | The user's login email address. |
| Role | The assigned role (Viewer, Posture Manager, Admin, Super Admin). |
| Status | Active or Disabled. |
| Last Login | The timestamp of the user's most recent sign-in. Shows "Never" if the user has not logged in. |
| Created | When the account was created. |
Filtering and Searching
- Search: Filter users by name or email using the search bar.
- Role filter: Show only users with a specific role.
- Status filter: Show only Active or Disabled users.
Editing a User
To modify a user's account:
- Click on the user in the list to open their detail view.
- Click Edit.
- Update the desired fields:
  - Name: Update the display name.
  - Role: Change the user's role. The change takes effect immediately: the user's permissions are updated on their next request.
- Click Save.
INFO
The user's email address cannot be changed after creation. If a user's email changes, create a new account with the new email and delete the old one.
Changing a User's Role
When you change a user's role:
- Upgrading (e.g., Viewer to Posture Manager): The user gains additional permissions immediately. No sign-out is required.
- Downgrading (e.g., Admin to Viewer): The user loses permissions immediately. Any actions they attempt beyond their new role will be denied. Active sessions are updated automatically.
WARNING
Be cautious when downgrading a Super Admin. Ensure at least one other Super Admin account exists and is active. AttackLens prevents you from removing the last Super Admin.
Disabling a User
Disabling a user prevents them from signing in while preserving their account and audit history. This is preferred over deletion when you may need to re-enable the account later.
To disable a user:
- Click on the user in the list.
- Click Disable.
- Confirm the action.
When a user is disabled:
- They are immediately signed out of all active sessions.
- They cannot sign in again until re-enabled.
- Their audit log entries are preserved.
- Their name still appears in historical records (created assets, findings, etc.).
Re-enabling a User
- Click on the disabled user in the list (use the status filter to find disabled accounts).
- Click Enable.
- The user can sign in again immediately.
Deleting a User
Deleting a user permanently removes their account from AttackLens.
To delete a user:
- Click on the user in the list.
- Click Delete.
- Confirm the deletion in the dialog.
WARNING
Deleting a user is permanent and cannot be undone. Before deleting:
- Ensure the user is not the last Super Admin.
- Consider disabling the account instead, which preserves audit history and allows re-activation.
- Audit log entries created by the deleted user are retained, but the user name may display as "Deleted User" in historical records.
Resetting a User's Password
If a user forgets their password:
- Click on the user in the list.
- Click Reset Password.
- Enter a new temporary password that meets complexity requirements.
- Click Save.
- Communicate the new password to the user through a secure channel.
The user should change their password immediately after signing in.
INFO
If SSO/SAML is enabled, password management is handled by your identity provider. The reset password option is not available for SSO users.
Audit Trail
All user management actions are recorded in the audit log:
- User created
- User role changed
- User disabled / enabled
- User deleted
- Password reset
Navigate to Settings > Audit Logs to review the full history of team management changes.