User management
This page illustrates the concept of organization (org), group, and user. Please also refer to User and Organization, Group in the Help.
- Groups can be created under organizations.
- A user can belong to multiple organizations/groups.
- Users who belong to a group also belong to the organization of the group.
- There are users who belong to the organization but not to any group.
- When they are first registered, deleted from all groups, or withdraw from all groups (see Removing a user from a group or Membership information).
- There are also users who do not belong to any organization.
- When they are first registered, deleted from all organizations, or withdraw from all organizations (see Removing a user from an organization or Membership information).
Register and create an organization and a group
We will explain how to sign up online for FutureVuls without an account and create an organization and a group.
The flow of signing up online and creating an org/group from the console.vuls.biz screen is shown in the above figure.
- Sign up online from the console.vuls.biz screen (Online sign-up).
- Receive an email with a verification code.
- Set a new password using the information in the email and log in.
- Right after the first login, you are not a member of any organization.
- Create an organization
- You will belong to OrgA but not participate in any group.
- Create a group
- You will belong to OrgA/GrpA.
Invite a non-registered user to a group
We will explain how to invite a non-registered user who has never logged into FutureVuls to join a group. There are two ways to invite someone.
Inviting Users to Login via ID/Password or Google Authentication
The owner of OrgA (organization administrator) invites members to the organization by clicking the “Add User” button in the “Members” section of the “Organization Settings” and following the instructions to invite users to the organization. An email with a temporary password will be sent to the invited email address, and the invited user should use this information to log in to FutureVuls. After logging in, the user will be automatically directed to the “User Settings” page, where they should click the “Agree” button to join OrgA as an invited member.
Invited users are not assigned to a group and cannot access vulnerability information. Therefore, please invite them to join a group as well.
Inviting Users to Login via SAML Authentication
To use this feature, SAML authentication must be set up. SAML authentication is only available with the CISRT plan.
The owner of OrgA invites members to the organization by clicking the “SSO User Add” button in the “Members” section of the “Organization Settings” and following the instructions to invite users to the organization. An email with a login URL will be sent to the invited email address, and the invited user should use this URL to log in to FutureVuls. Please bookmark this URL because it will be used for subsequent SSO logins. Invited users are not assigned to a group and cannot access vulnerability information. Therefore, please invite them to join a group as well.
Inviting Users Registered with FutureVuls but Not Yet a Member of the Organization to a Group
This section explains how to invite people who have already registered with FutureVuls but are not yet members of the target organization to a group.
The administrator of the OrgA/GrpA group clicks the “Invite External Users” link in the “Members” section of the “Group Settings” page to invite users. An email will be sent to the invited user. After logging in to FutureVuls, the invited user should click the “Agree” button on the “User Settings” page to join OrgA/GrpA as an invited member.
Inviting Users Who Are Already Members of the Organization to Other Groups
This section explains how to invite users who have already registered with FutureVuls and are members of the organization to other groups within the same organization.
The group administrator of OrgA / GrpA in the above figure selects users and invites them by selecting “Add user” > “Select from this organization” in the “Member” of “Group settings”.
An email will be sent to the invited user. After the invited person logs in to FutureVuls, if they press the “Agree” button on the User Settings screen, they will be considered as a member of OrgA / GrpA.
Allowing Pre-Registered Users to Login with SAML
This section explains how to make each user already registered with FutureVuls able to use SSO.
This operation requires completion of SAML Integration. SAML integration is only available with the CISRT plan.
Please refer to either of the following two patterns according to the policy of the organization to which you belong.
Allowing Users to Use Both Existing and SSO Login Methods
In this case, after completing SAML Integration, please share the login URL displayed on the settings screen with each user. Each user can log in via SSO from that URL. We recommend bookmarking this URL for subsequent SSO logins.
Allowing Only SSO Login and Disallowing Existing Login Methods for Users
After completing SAML Integration, follow to next steps.
- Open the Organization settings > Security.
- In the SSO settings, make sure “Invite only SSO users” is enabled.
- Open the Organization settings > Members.
- Press the “Add SSO user” button.
- Enter and submit the email addresses of the users you want to restrict to SSO login.
An email containing the login URL will be sent to the entered email addresses. If you have been invited, please access the URL and log in. We recommend bookmarking this URL for subsequent SSO logins. From now on, invited users can only log in via SSO.
Note that even for users who are not registered with FutureVuls, you can invite them to a group. To prevent cases where the group administrator unintentionally invites users other than SSO users when the group administrator and the organization administrator are different, you can configure it to allow only SSO logins using the following settings. Please use it according to the policy of the organization to which you belong.
- Open “SSO Settings” from “SSO” in “Organization settings”
- Turn on the “Invite only SSO users” switch
Removing a user from a group
This section explains how to remove a user from a group as a user administrator.
As a group administrator, select Remove member from “Group Settings” > “Members”. The removed user will be removed from GrpA as shown in the above diagram, but will still be a member of OrgA.
If a general user is removed from all groups in OrgA by the group administrator, the user will still be a member of OrgA but will not belong to any groups in OrgA. Since a general user cannot join a group on their own, please choose one of the following:
- Withdraw from the organization
- Ask the group administrator to invite you to a group
Removing a user from Org
The organization owner can select Remove member from “Organization Settings” > “Members” to remove a user from Org. The removed user will be removed from OrgA as shown in the above diagram. Even if the user is not a member of any organization, they will still remain in FutureVuls.
If a user is not a member of any organization, they can choose one of the following:
- Create a new organization here
- Ask the group administrator to invite you to an existing group
- Unsubscribe from FutureVuls (see below)
Unsubscribing from FutureVuls
You can completely unsubscribe from FutureVuls by selecting “Delete account” on “User Settings” > “Profile” > “Delete Account”.