Manage users, teams, and organizations

All users in 42Crunch API Security Platform can manage their own accounts from the settings of their user account. Organization administrators also have the User Management tab, where they can manage their organization and the teams in it. Organization administrators can also invite or add new users to the platform.

A screenshot showing User Management tab from the account settings.

Organization administrators have access to view and modify all API collections in their organization. This means that all API collections in an organization are visible to all organization administrators as if the collections were their own, both on the API Collections page and in the monitoring dashboards. If an organization has several API collections, we recommend using more descriptive collection names than just the organization and company name, so that you can tell all collections apart.

Invite new users to your organization

As an organization administrator, you can invite new users to join your organization in 42Crunch Platform.

User invitations are switched off by default, and you cannot change the settings for invitation method yourself. If you would like to enable this feature in your organization or change its settings, contact 42Crunch support and let us know what kind of configuration (invitation mails or links, SSO or not) you would like to have.

  1. Click next to your username, and click Invitations.
  2. Click Create new invitation.

    An example screenshot of the invitation dialog

  3. Select the invitation type:
    • Email: An invitation mail with a client token is sent to the email address you enter. This is the default and more secure option.
    • Link: An invitation link with a client token is generated, and you can copy and share it with the user. Anyone with a valid invitation link can log in to the platform.
  4. If you selected email invitation, set when the invitation expires. Invitation links always expire after 15 minutes.
  5. For email invitation, enter the email addresses where to send the invite. The email addresses also become the usernames of the new users in 42Crunch Platform.
  6. Select if you want to make new users organization administrators and which permissions you want to grant to them, and either send the invitation or generate the invitation link.

    These settings apply to all recipients of the invitation. If you do not want all your users to have the same permissions or to be organization administrators, pay attention to who you include as recipients. As an organization administrator, you can always manage these settings after the accounts are created.

  7. If you selected invitation link, copy the link from the invitation summary and share it with the user before closing the dialog.

You can see the pending email invitations on the invitation page. When an invitation is accepted and the user completes the account creation, or when the invitation expires, it is removed from the list. You can also manually remove a pending invitation if you click > Delete invitation.

Add a new user

Organization administrators can also manually onboard new users to their organization in 42Crunch Platform and add user accounts for them. User accounts for the auditor role must always be added manually; they cannot be invited to join.

  1. Click next to your username, and click Users. You can see all users in your organization, including your own account.
  2. To add a new user, click Create new user, fill in the required details, and click Create user. The user account is created, and a summary of the user details, including a sample message for the new user, is shown.

    An example screenshot of a summary of a new user

  3. Use the provided sample text to send the username and the temporary password to the person you created the account for.

The user sees the temporary password in cleartext in the mail, and the password must be changed on the first login. The account is flagged as pending and is not fully operational until this happens.

Manage user permissions

By default, sharing API collections and running API Conformance Scan are switched off on all user accounts. You can control which users in your organization have the permission to use these features.

Auditors cannot have any permissions.

  1. Find the user you want. You can search the users, for example, by name or by the permissions they already have:
    • +scan: Users that can run Conformance Scan
    • -scan: Users that cannot run Conformance Scan
    • +share: Users that can share API collections
    • -share: Users that cannot share API collections
  2. In the Permissions column, click on the permissions.
  3. Edit the permissions as needed, and click Update.

Promote a user to organization administrator

You can make a user an organization administrator when you create the account or invitation, or you can promote an existing account. Auditors cannot be promoted to organization administrators, only regular users can.

  1. Find the user you want.
  2. In the User role column, switch the toggle on to make the user an admin.
  3. If you want to allow your newly promoted organization administrator to be able to share API collections with everyone in your organization, click the Permissions column, and select that option in sharing permissions.
  4. To revoke administrator rights from an account, switch the toggle off.

Lock a user account

If a user account is compromised and shows abnormal or harmful activity, you can lock the account out of the platform. Just switch on the setting in the Locked? column for the account you want to lock. The account is locked, and the user cannot access the platform. The APIs and API collections the user has are not affected and continue to be usable.

Switching the setting off unlocks the account and the user can again access the platform.

Force password reset

You can force users to change their passwords, for example, if you suspect that credentials have been compromised.

  1. Find the user whose password you want to reset.
  2. Click > Force password reset.

The user is logged out of the platform and the password is reset. The user must change the password upon next login to the platform.

Delete a user account

You can delete user accounts from your organization, for example, if a user leaves your company.

Deleting a user account permanently removes it from 42Crunch Platform. This action cannot be undone.

  1. Find the user who you want to remove from your organization in 42Crunch Platform.
  2. Click > Delete user.
  3. If the user account has assets, such as APIs and API collections, tags and tag categories, customization rules or security quality gates (SQGs), select a new owner for them. If the user was a team lead in any teams, those roles are also transferred to the selected new owner.

    The new owner must be an organization administrator.

  4. Click Delete user.

The user account is removed from 42Crunch Platform, and any assets related to that account are transferred over to the new owner you selected.

Add a new team to your organization

Users in an organization are grouped into teams. By default, each organization always has a team that includes everyone in that organization. In addition, organization administrators can create other teams for specific groups of users.

You cannot modify the default team that includes everyone in your organization in any way.

  1. Click next to your username, and click Teams.
  2. Click Create team.
  3. Enter a name for the team and select a team leader for it.
  4. Select the rest of the users you want to add to the team.
  5. Click Create team.

The new team is added to your organization. API collections can now be shared in one go with all users you added to the team.

An example screenshot showing a sample team with two users, one of whom is the team leader.

You can manage teams in your organization, such as add or remove users, rename a team, or change a team leader, on the Teams tab. You can also remove teams that are no longer needed.

Removing a team from the organization does not delete the user accounts of the team members, but it does remove their access to API collections shared with that specific team.

Change your subscription plan

You can also manage the subscription plan you are on. The plan determines how many users, APIs, or active API Firewall instances you can have. If you are a community user, you can upgrade to a business user in your own organization and choose a suitable subscription plan for your needs at any time.

  1. On the Your subscription tab, click the email button to open your email client, or copy the email address and manually paste it to a new email.
  2. Provide additional details for your subscription, for example, the billing details for invoicing, and send the mail.

Our sales team processes your requests and contacts you.

Manage the RSS feed

The landing page of 42Crunch Platform provides an RSS feed that shows news from APIsecurity.io, but organization administrators can switch it off.

  1. Click next to your username, and click Organization settings.
  2. Use the toggle to switch the RSS feed off or back on.

All users can choose to show or hide the RSS feed on the landing page by clicking the RSS icon. Hiding the RSS feed does not remove it.