Users
ALTCHA Sentinel is a multi-user application that enables team collaboration. The application supports Accounts, which allow logical grouping of data (such as API Keys or Forms) and provide per-account access control for each user.
Add a New User
To grant a new user access to the application:
- Navigate to Admin → Users.
- Click Create User.
- Enter a unique Username (can be an email address).
- Optionally, enable the Root toggle to grant the user the highest administrative privileges.
- Set the user’s password.
- Select the accounts the user will access and assign a role for each account.
- Click Create to confirm.
User Roles
Per-account user roles restrict access to account-specific data:
- Admin: Full access to the selected account’s data.
- Member: Non-administrative access (read and limited write permissions).
- Read-only: View-only access to the selected account’s data.
Role Permissions
The table below outlines entity access for each role:
Entity | Admin | Member | Read-only |
---|---|---|---|
Security Groups | Full access | No access | No access |
API Keys | Full access | No access | No access |
Alerts | Full access | Read-only | Read-only |
Logs | Full access | Read-only | Read-only |
Forms | Full access | Full access | Read-only |
Training Data | Full access | Full access | Read-only |
Users | No access | No access | No access |
Accounts | No access | No access | No access |
Managing Users and Accounts requires Root privileges.
Multi-Factor Authentication (MFA)
Sentinel supports Multi-Factor Authentication (MFA) for enhanced security. Each user can enable MFA for their own account from within the application.
Enabling MFA
To enable MFA for your account, follow these steps:
- Log in to the application.
- Click the user menu (located in the top-right corner of the application).
- Select Enable MFA.
- Scan the QR code using your preferred authenticator app, then enter the one-time password (OTP) for verification.
- Click Confirm.
Once enabled, you will be automatically logged out and required to log in again with MFA for security validation.
Disabling MFA
If you lose your device or lose access to your authenticator app, the root administrator can disable MFA for your account via the User Management section.
Supported Authenticator Apps
- Google Authenticator
- Microsoft Authenticator
- Okta Verify
JWT Tokens
Users are authenticated via JWT tokens stored in a secure cookie. If a user’s device is lost or compromised, it is recommended to invalidate all issued JWT tokens to protect their account.
JWT Invalidation
- In the Users section of the administration panel, locate the user whose JWT you want to invalidate.
- Expand the More menu (three dots) next to the user and select Invalidate JWT.
- Confirm the invalidation action.
Invalidating JWT regenerates a random jwtVersion value stored in the database for that user, immediately invalidating all previously issued JWT tokens.
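The version check described above, sketched as an added example (not Sentinel's own code): each signed token carries the user's jwtVersion at issue time, and verification rejects any token whose version no longer matches the stored one. The `ver` claim name, the in-memory `USERS` table, the HS256 token layout and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # constructed demo key
# Stand-in for the users table; each user has a random jwtVersion.
USERS = {"alice": {"jwtVersion": secrets.token_hex(8)},
         "bob": {"jwtVersion": secrets.token_hex(8)}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue_token(username: str, ttl: int = 3600) -> str:
    """Issue an HS256 JWT that embeds the user's current jwtVersion."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "exp": int(time.time()) + ttl,
              "ver": USERS[username]["jwtVersion"]}  # hypothetical claim name
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(f'{header}.{body}')}"

def verify_token(token: str):
    """Return the username, or None if forged, malformed, expired or revoked."""
    try:
        header, body, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    user = USERS.get(claims.get("sub"))
    if user is None or claims.get("exp", 0) < time.time():
        return None
    # Revocation check: the token must carry the version stored right now.
    if claims.get("ver") != user["jwtVersion"]:
        return None
    return claims["sub"]

def invalidate_jwt(username: str) -> None:
    """Models the Invalidate JWT action: rotate the stored random version."""
    USERS[username]["jwtVersion"] = secrets.token_hex(8)
```

Because the version is compared on every request, rotation takes effect immediately and only for the selected user; the cost is one database lookup per verification.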