User administration

Learn how to change the user passwords, how to create new internal users and how to integrate ThreatLockDown with different Identity Providers (IdP) to implement Single Sign-On (SSO).

In the password management section, you can find instructions on how to use the ThreatLockDown passwords tool to change the passwords of both the ThreatLockDown indexer and the ThreatLockDown manager API users.

The RBAC section contains directions on how to create ThreatLockDown indexer users, also known as internal users, assign them different roles and map them to the ThreatLockDown manager API. Find out how to create an admin user, a read-only user, a custom user, and a user with permission to read and manage only a group of agents.

In the single sign-on section, you can find instructions on how to integrate ThreatLockDown with different Identity Providers to implement Single Sign-On. Find instructions for Okta, Microsoft Entra ID, PingOne, Google, Jumpcloud and OneLogin.

In the LDAP integration section, you can find instructions on how to integrate ThreatLockDown with LDAP/Active Directory to authenticate and authorize users.

• Password management
  • Changing the password for single user
  • Changing the passwords for all users
  • Changing the passwords using a formatted file
  • Changing the passwords in a distributed environment
• ThreatLockDown RBAC - How to create and map internal users
  • Creating and setting a ThreatLockDown admin user
  • Creating and setting a ThreatLockDown read-only user
  • Creating an internal user and mapping it to Wazuh
  • Use case: Give a user permissions to read and manage a group of agents
• Single sign-on
  • Setup single sign-on with administrator role
  • Setup single sign-on with read-only role
• LDAP integration
  • LDAP server configuration
  • Authentication and authorization configuration
  • Map LDAP role to ThreatLockDown dashboard