User Administration
FireHydrant works best when your entire incident response team has access to create, update, and manage incidents together. Inviting your team is simple and can be done via the UI. All new users will have Member access. For a primer on FireHydrant's access roles, visit Role-Based Access Controls.
Who should be on FireHydrant?
At FireHydrant, we believe that reliability is a company-wide metric. To that end, FireHydrant is a strong fit for most members of your organization who either respond to incidents or need to be aware of incidents.
Our access roles reflect this philosophy:
- Viewers are intended for users who need to see incidents and incident activity but don't need to interact or take part. Some examples may include leadership or executive team members and customer-facing team members.
- Collaborators are lightweight responders who participate in incidents in a light capacity but don't need to configure any settings. Examples may include customer support team members or others who may fulfill external communications roles on incidents but are otherwise inactive in remediation.
- Members are full team members who respond to incidents and configure tool usage. This often includes engineering teams and other incident response teams.
- Owners have full permissions to everything in the platform and are reserved for IT/engineering super admins.
We recommend starting with your engineering, SRE, or other teams participating in on-call rotations and responding to incidents. From there, many FireHydrant customers tend to provide access to Support and Success personnel, who often need to communicate incident updates to customers and upper leadership, who may want access to Analytics and stay in the loop on severe incidents.
Inviting team members
If you have configured SSO, provisioning new users in your IDP will automatically provision team members according to application access. In addition, FireHydrant also supports SCIM for deeper automation and identity management.
The following instructions are for organizations not using SSO and authenticating via email.
- Go to Settings > Users.
- Click on the "+ Invite user" button. This takes you to a different page where you can enter the email address of whoever you want to invite to the FireHydrant organization.
- Provide the user's email address and click Send invite.
- After you invite a user, they'll receive an email prompting them to accept the invite and set up their account.
- When users click Accept My FireHydrant Invitation, they're prompted to provide their name and email, create a password, and accept the privacy policy. Then, they can accept the invitation and join your FireHydrant organization.
Note:
Make sure your team members accept your email invitation and don't sign up separately on the website. Signing up on the website creates a new organization and account. FireHydrant enforces unique email addresses system-wide, so if someone accidentally registers on their own, they will need to reach out to Support to disable the duplicate account/email before they can accept your invitation.
Manually Disable a FireHydrant User
Sometimes, teammates move on or change roles, and you want to ensure they can no longer access your FireHydrant account. Aside from reaching out to support, you can also do this yourself in the UI (requires Owner permissions).
- Navigate to Settings > Users and locate the user you want to disable.
- Click on the user, and scroll down to the "Disable user" section of the individual user details page. You can then choose to disable by selecting "Temporarily disable user." This is a reversible action, so have no fear! Disable away.
View Enabled/Disabled Users
On the Users page, you can search for specific users and filter users by Enabled/Disabled. To do this:
-
Navigate to Settings > Users.
-
Click on the Filter users dropdown or type into the search bar and hit 'Enter' to filter and search.
Automating User Administration
We recommend automating user provisioning and de-provisioning with SSO and SCIM when possible, as most enterprise companies will use an IDP to manage access to all of their applications.
In addition, FireHydrant does provide direct APIs to manage users via SCIM, in case you do not use an IDP but still want to manage users programmatically.
Next Steps
- As mentioned above, look at our SSO and SCIM docs or the API to see how you can automate FireHydrant account provisioning as part of your IDP workflows
- Read about Role-Based Access Controls on FireHydrant and how to assign the right roles for your users
- Learn more about Team Management as well as how to assign users and teams to incidents
Updated 3 months ago