What’s the User Management section about?
This section shows all the users (not end-points) Guardz pulled from your global admin account (Google / Microsoft).
A user is typically associated with an employee. Still, depending on how your primary app (Google/Microsoft) is configured, you may also see shared inboxes and even meeting rooms in this list.
You’ll be able to monitor each user's status in a macro view - role, Guardz license, cloud apps used, and module open issues.
The User Management can be accessed from the main left bar.
User Management section
View license status per user
Activate/Disable the Guardz license per user.
View and assign the user role.
View active cloud applications per user/email based on activation within the cloud app module.
Modules status: monitor which users have any open issues in each active module
*All changes/edits to licensing and role must be made in the single customer view (relevant to MSP plans only).
Status
The status column indicates if the user has an Active Guardz license (check mark) or not (x). You can easily change the license by activating or turning off the Guardz protection by clicking the user avatar.
Upon initial connection, or when a new user has been added, Guardz pulls the status of the user from your main directory and will make a suggestion on the license status:
Regular employees - will be assigned an active license by default
Shared inboxes - will be assigned with an active license by default
(*Will be counted as a paid license per shared inbox)
Inactive / suspended account - will be assigned with an inactive license by default
Conference rooms - will be assigned with an inactive license by default
External / Temporarily users - will be assigned with an inactive license by default
Keep in mind that only users with an active license will be protected by Guardz and counted as active subscriptions.
To change the user to active or inactive select the relevant option from the Status column on the right-hand side. Be sure to save the changes via the Save button at the bottom of the page. To discard changes, press the X to close the box.
Admins can also change the statuses of multiple users at a time. Using the check-boxes on the left-hand side, select all users you would like to edit. At the bottom of the page will be the option to either activate or deactivate all selected users. Select the appropriate option.
Roles
What are the different user roles? How to assign a role to a user?
Each user will have their own role in Guardz. Each role has its permissions and limitations.
The user who connects their global admin account will be assigned the Admin role (by default). User roles can be modified at any time by clicking on the role for each user in the table or through the settings. MSPs can assign admin roles to anyone in their organization to manage customer accounts. Members of a single organization can also be made into admins for that specific account.
Member
The members are the organization users who will be assigned a Guardz license. Guardz will protect their activity (based on the activated modules) and will update them on any detected issues related to them. They will have limited access to the User Portal for completing assigned tasks, such as completing an Awareness campaign or handle on quarantined emails. This is the most common role. MSP Admins may choose to give users who may be admins in other workspaces such as Google Workspace this role as it limits their access,
Admin
Single Customer Admin
An Admin can activate modules, remediate issues, and edit user settings within their specific company.
When the MSP Admin adds new customers under the MSP account, only the Admin in the MSP account will be assigned as admin by default (the customers of the tenant admin will be assigned as members by default).You can assign an unlimited number of Admin users to each account.
MSP Account Admin
Similar to the Admin in a single company, the Admin in the MSP account can view all managed customers, including these MSP-specific views and features:
Create prospecting reports.
Manage subscriptions and billing.
Access global organization settings
Monitor and remediate issues.
Access the growth hub.
The MSP Admin is referred to simply as “Admin” when viewing the MSP tenent.
Viewer
A Viewer, similar to an Admin, has access to all sections of the platform but in a read-only capacity. Viewers cannot make changes, activate modules, or remediate issues.
Single Customer Viewer: Can only view sections related to their specific company.
MSP Account Viewer: Has view-only access to all sections across the platform for all customers.
Note: When changing the user role, the user will not be notified about the change from Guardz. Make sure to send them a message letting them know about the role change, and to send them the link to your Guardz platform: http://app.guardz.com. They will use their main workspace credentials (Microsoft / Google) to log in.
Changing a user’s role in Guardz will not interfere with their role assignment or admin permissions in other systems such as Google Workspace.
Automate User Activation and Deactivation
Using this feature, you can automate the user's license based on activity in the cloud directory (Google Workspace and Microsoft 365).
Choose whether Guardz automatically activates or deactivates new users or if you prefer manual activation.
Group-Based Activation and Deactivation: Specify from which groups a user will be automatically activated or deactivated from.
The feature can be found on the Users Page > 'Settings' button, as well as the Cloud Directory section in the Security Control.
This feature provides greater flexibility, automation and control over user management, ensuring that access aligns with your organizational policies and security needs.
By assigning users to different groups, the MSP can choose to automatically activate or deactivate suspended, inactive, or deleted users. The MSP Admin can quickly filter users from view to identify the correct groups for automated activation or deactivation. They can also select multiple groups to automate.
Image 1: User selection with both automations selected
Image 2: Example of user with group assignments
Image 3: Filtering of users by group
Image 4: Example drop down menu of different groups to select for automated protections
Cloud Apps
For each cloud app that was activated (using the Cloud Apps module), you can see if the user has an active user with the app.
The user screen will not indicate issues related to Cloud Apps.
By knowing which user has an active user in a Cloud App, you’ll be able to understand better if they require an active Guardz license.
Modules Status:
Compromised Data | Cloud Apps | Awareness | Web Browsing
For each module, there will be an indication of the status of the user's performance. The icons below will appear under each module for each one of the users:
(?) The module was not activated for the entire organization
(x) There is an open issue for the user
(v) There are no open issues
User Management Settings
The settings screen is another way to activate/ disable the Guardz license and change the user role. The status column indicates if the user has an active Guardz license (green check mark) or not (red X). You can easily change the license by activating or turning off the Guardz protection by clicking the user avatar or selecting Settings and making bulk changes.
User Management Share
Export to CSV
Export the user’s table for each organization in a CSV format.
Print the users' table (same as it looks in the Users Section)
FAQ Users Management
Question: How do I add internal team members?
📍Answer: To add any additional members to the team, you'll need first to add them to your main workspace and assign them with a license.
Then Guardz will pull them automatically into the platform, and you can set them as active users.If you want to add a contact for all tenants, navigate to Security Controls -> Automated Detection and Response, click the edit button, and add the contact.
If you want to add a contact for a specific tenant, on the same page, there is a toggle at the top labeled "Override Global Settings." Once you enable this, you’ll be able to add the contact for that specific tenant.
Question: Will new users get an invitation?
📍Answer: Once a new user is added to Guardz, whether they are an Admin, a Viewer, or a Member, they do not get a notification.
All they need to do is to navigate to the log in page: and use their main workspace credentials (Microsoft / Google) to log in to the organization: app.guardz.com/login.
Question: How do I add a coworker as a user to my MSP account?
📍Answer: To add someone to your MSP account, first make sure they exist in your cloud directory. Then once they are synched into Guardz, go to the Users page, click on that person’s row and change their role to either Admin which gives them full access or Viewer which is read-only access.
They can log in with their regular Microsoft / Google credentials via the log in page: app.guardz.com/login.
Question: How do I change groups for a user?
📍Answer: User groups are set up in the Cloud Directory and then pulled automatically into Guardz.
Question: What happens if a user doesn't have an assigned license in Azure?
📍Answer: Even if a user doesn’t have an assigned license in Azure, their account will remain enabled in Guardz. The account still requires protection, and we do not recommend deactivating the user in Guardz for these cases.