A user is a person who utilizes the Aqua functionality.  A user with an existing Aqua account can invite one or more new users to create new Aqua accounts. The privileges are assigned to users based on their types. For example, a system administrator has complete access to all the resources, whereas a standard user has only read-only access.

User types

  1. Standard: These users have read-only access to the Aqua accounts that are in the group(s) they belong to.
  2. Group Administrators: These users can manage the group they belong to, including the cloud accounts assigned to them. They can add/remove the group Members, trigger scans, and manage the cloud account details.
  3. System Administrators: A system administrator is a user with an Administrator role and has complete access to all the Aqua account management operations and the system resources. System administrators can use the Account Management settings to: 
    • Define and manage users
    • Manage the Aqua account
    • Create and manage groups
    • Define and manage roles, associate each role with a single permission set, and associate each role with one or more application scopes
    • Define and manage permission sets
    • Map SSO groups to Aqua roles

To know more about Aqua administrator accounts and their security settings, see Aqua Administrator Accounts.

Invite a new user to Aqua

Inviting users to create an Aqua account is easy. Sharing your account with others enables you to build teams with different levels of access permissions. The steps below describe how to add a new user to Aqua. 

  1. Login to the Aqua portal.
  2. Select Account Management from the mega menu at the top of the page.
  3. Select Users from User Management.
  4. Click Add New and select User. 
  5. Fill the following in the Add New User pop-up window:
    • Enter the email address of the new user in the User Email field. 
    • You may enable Admin privileges on the invited user by enabling the System Admin toggle (this can also be done later).  Disabling the toggle makes the new user a non-admin.
    • Select the appropriate CSPM Group and Workload Protection Role for a non-admin. 
    • Click Add User.
    • You get a notification like this: "Successfully invited user to the account". 
  6. Your users will be invited to the Aqua console via email.
  7. The user must do the following to accept the account invite:
    • Click on the invite link. You will be redirected to the Sign Up page.
    • Enter the Password, Confirm password, and then click Sign Up.
    • Click sign in within the message "Success! You may now sign in using your email and password."
    • Welcome! You may now Sign in using your credentials.
  8. The new user will be marked as Confirmed (green tick mark) in the console.

Users on the Team plan need not select a Workload Protection Role, but only the CSPM Group in the Add New User window. 

Add multiple users to Aqua

You can invite multiple users by adding up to 50 email addresses at once, one per line. To do this, follow these steps:

  1. Select Account Management from the mega menu at the top of the page.
  2. Select Users from User Management.
  3. Click Add New and select Bulk Users
  4. Fill the following in the Add Bulk Users pop-up window:
    • Enter the email addresses of the new users in the User Emails field. You can add a maximum of 50 email addresses.
    • You may enable Admin privileges on all the users by enabling the System Admin toggle (this can also be done later from the console).  Disabling the toggle makes all the invited users non-admins.
    • Select the appropriate CSPM Group and Workload Protection Role for a non-admin.
    • Click Add Users.
    • You get a notification like this: "All users were successfully saved". 
  5. Your users will be invited to the Aqua console via email. Refer #6 in the Invite a new user to Aqua section to know how the users can accept the invite and create an Aqua account.

Users screen

The Users screen lists all the users along with their information like user email, administrator or non-administrator, role, user group, date of creation, last login details, and IP address. Additionally, you can do the following from the console:

  1. To export users' details, click Export. The information will be downloaded as a CSV file.
  2. Admin access can be granted by enabling the Administrator toggle. Only an admin can make this change.