How Does User Verification and Creation Work in CIS Hosted CSAT?


Product Name

CIS CSAT (Controls Self Assessment Tool)

Product Version

All

Date

Mar 25, 2022



 

Problem

How does user verification and creation work in CIS Hosted CSAT?

 

Solution

In CIS-Hosted CSAT, user verification generally happens automatically when a new user logs in for the first time.  There are two main ways a user can be created in CIS-Hosted CSAT:

  1. A Primary Owner can add new users to the sub-organization

    1. This can be done by clicking Administration on the left menu

    2. Then clicking the Add button next to the Active Users heading on the Administration page

    3. And then entering the user's First name, last name, and email on the Add User page.  Adding that User should send an email to that user allowing the user to create a password and login.

  2. If a user attempts to register for CIS-Hosted CSAT, and the email domain already matches an existing organization domain in CIS-Hosted CSAT, the user will need to be accepted by the Primary Owner of the organization. Note: the Primary Owner will not get an email that the user is trying to be added.  To accept a user in this way:

    1. The Primary Owner must visit the Administration page in the tool by clicking Administration on the left menu

    2. There is a User Requests section on the Administration page; if there are users waiting to be accepted, they should appear there, and the Primary Owner can click the Manage button there.

    3. This will go to the Users page; at the bottom of the Users page, the Primary Owner should see a "New User Requests" section if there are requests.  The Primary Owner can click the three dots in the Actions column and then click "Accept request" if they wish to accept that user, or "Decline request" if they wish to decline the user.

Please note that the user request in option 2) will be directed by email domain and organization domain.  So, if the organization has a top-level organization and sub-organizations, it's possible that the user's request will end up in a different sub-organization than expected, or in the top-level organization when you're expecting it in a particular sub-organization, depending on the matching of the email domain to the organization domain in CIS-Hosted CSAT.

Keywords; CSAT Register Organization

Content by Label


Copyright © 2020

Center for Internet Security®