Date: 2025-01-01

Users

ALTCHA Sentinel is a multi-user application that enables team collaboration. The application supports Accounts, which allow logical grouping of data (such as API Keys or Forms) and provide per-account access control for each user.

Add a New User

To grant a new user access to the application:

1. Navigate to Admin → Users.
2. Click Create User.
3. Enter a unique Username (can be an email address).
4. Optionally, enable the Root toggle to grant the user the highest administrative privileges.
5. Set the user’s password.
6. Select the accounts the user will access and assign a role for each account.
7. Click Create to confirm.

User Roles

Per-account user roles restrict access to account-specific data:

Admin: Full access to the selected account’s data.

Member: Non-administrative access (read and limited write permissions).

Read-only: View-only access to the selected account’s data.

Role Permissions

The table below outlines entity access for each role:

| Entity              | Admin       | Member           | Read-only        |
|---------------------|-------------|------------------|------------------|
| Security Groups     | Full access | No access        | No access        |
| API Keys            | Full access | No access        | No access        |
| Alerts              | Full access | No access        | No access        |
| Logs                | Full access | No access        | No access        |
| Dashboard           | Full access | Limited access * | Limited access * |
| Forms               | Full access | Full access      | Read-only        |
| Redirects           | Full access | Full access      | Read-only        |
| Training Data       | Full access | Full access      | Read-only        |
| Threat Intelligence | No access   | No access        | No access        |
| Users               | No access   | No access        | No access        |
| Accounts            | No access   | No access        | No access        |

* Limited access to the Dashboard restricts access to filtering options such as API key selection.

Managing Users, Accounts, and Threat Intelligence requires Root privileges.

Multi-Factor Authentication (MFA)

Sentinel supports Multi-Factor Authentication (MFA) for enhanced security. Each user can enable MFA for their own account from within the application.

Enabling MFA

To enable MFA for your account, follow these steps:

1. Log in to the application.
2. Click the user menu (located in the top-right corner of the application).
3. Select Enable MFA.
4. Scan the QR code using your preferred authenticator app, then enter the one-time password (OTP) for verification.
5. Click Confirm.

Once enabled, you will be automatically logged out and required to log in again with MFA for security validation.

Disabling MFA

If you lose your device or lose access to your authenticator app, the root administrator can disable MFA for your account via the User Management section.

Supported Authenticator Apps

Google Authenticator

Microsoft Authenticator

Okta Verify

JWT Tokens

Users are authenticated via JWT tokens stored in a secure cookie. If a user’s device is lost or compromised, it is recommended to invalidate all issued JWT tokens to protect their account.

JWT Invalidation

1. In the Users section of the administration panel, locate the user whose JWT you want to invalidate.
2. Expand the More menu (three dots) next to the user and select Invalidate JWT.
3. Confirm the invalidation action.
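
Why invalidating "all issued JWT tokens" needs server-side state, shown as an added example (not Sentinel's code; this page does not describe its internal mechanism). It assumes a per-user cutoff timestamp checked against the token's `iat` claim; the names `issue`, `invalidate_all`, `verify`, `invalid_before` and the secret are hypothetical.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
invalid_before = {}  # hypothetical store: username -> cutoff (Unix seconds)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user, now, ttl=3600):
    """Issue an HS256 token; iat records when it was issued."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "iat": now, "exp": now + ttl}
    body = header + "." + _b64(json.dumps(claims).encode())
    return body + "." + _b64(_sign(body))

def invalidate_all(user, now):
    """Admin action: reject every token this user was issued up to now."""
    invalid_before[user] = now

def verify(token, now):
    """Return the claims if the token is valid, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_unb64(header_b64)).get("alg") != "HS256":
            return None
        expected = _sign(header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(_unb64(payload_b64))
    except (ValueError, AttributeError):
        return None
    if now >= claims["exp"]:
        return None  # expired
    # Signature and expiry alone cannot revoke a stolen token; the cutoff can.
    if claims["iat"] <= invalid_before.get(claims["sub"], -1):
        return None  # issued before the user's tokens were invalidated
    return claims
```

A token copied from a lost device still carries a valid signature and an unexpired `exp`, so only the cutoff lookup rejects it, while a token issued at the next login passes.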