Administrative Users


Last updated 11 months ago


Introduction

LUCY offers role-based access control (RBAC), which restricts system access to authorized users. Permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff are assigned particular roles, which grant them the necessary permissions to perform specific LUCY functions.

Configuring User Settings

Navigate to Users -> Administrative Users


Add New User

Select "New User"

Role:

There are four types of admin accounts in LUCY:

Administrator

Permissions: Full access and highest privileges.

Capabilities: Can create and delete campaigns, manage all custom data (recipients, clients, templates, etc.), and manage other administrative users' account data.

Notes: Administrators cannot be segregated by client visibility.

Supervisor

Role: Maintain oversight with access to campaign specifications, communicate directly with campaign creators, suggest changes, and approve/reject campaigns.

Notes: Supervisors cannot supervise system admins. They can start/stop campaigns created by users under their supervision.

User

Permissions: Limited to content related to specific clients and branches.

Capabilities: Can access content (campaigns, custom templates, recipient groups) attributed to their assigned clients and branches.

Notes: Make sure the "Access all Campaigns" permission is disabled to prevent users from different clients/branches from accessing each other's data.

View-only

Role: Can only view campaign statistics without the ability to start/stop campaigns or change settings.

Setup: Associate the user with a specific client and branch to restrict view to campaigns belonging to that client.

Password:


Import Administrative Users

Navigate to Users -> Administrative Users

Select "Import"

Add the relevant LDAP search syntax to query your Administrative Users.

For example, locating an Administrative User in the following directory structure:

Base DN -> Beck.ai OU -> Admin Users OU -> Distribution Groups Group -> IntuneLucy-DevOps

(&(objectClass=user)(memberOf=cn=IntuneLucy-DevOps,ou=Distribution Groups,ou=Admin Users,dc=beck,dc=ai))

&: This is the logical operator "AND". It indicates that all the conditions enclosed within the parentheses must be true for the query to return a result. This operator combines multiple search filters.

(objectClass=user): This filter specifies that the object being searched should be of the type "user". The objectClass attribute in LDAP is used to define the schema or type of an object in the directory.

(memberOf=cn=IntuneLucy-DevOps,ou=Distribution Groups,ou=Admin Users,dc=beck,dc=ai): This filter is used to find users who are members of a specific group. Here's a breakdown of the group's distinguished name (DN):

  • cn=IntuneLucy-DevOps: "cn" stands for Common Name. In this case, it refers to the name of the group.

  • ou=Distribution Groups: "ou" stands for Organizational Unit.

  • ou=Admin Users: Another Organizational Unit, indicating a higher-level grouping within the directory.

  • dc=beck,dc=ai: "dc" stands for Domain Component. These components are part of the LDAP naming context and represent different levels of the domain.

This query is structured to ensure that only objects that are users (objectClass=user) and are members of the specified group (memberOf=...) are returned.
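
The group-membership filter described above, built programmatically as an added example (not LUCY's own code; the function and parameter names are hypothetical). It escapes the group DN per RFC 4515 and goes beyond the page's filter with two Active Directory matching rules, one for nested group membership and one for skipping disabled accounts; it assumes the directory is Active Directory and that the import field passes the filter to the directory unchanged.

```python
# Added example: builds the Active Directory search filter for an admin import.
# Function and parameter names are hypothetical; this is not LUCY code.

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory matching-rule OIDs.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND
ACCOUNTDISABLE = 2                    # userAccountControl flag of a disabled account


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def admin_import_filter(group_dn: str, nested: bool = False,
                        skip_disabled: bool = False) -> str:
    """Return a filter matching user objects that are members of group_dn."""
    dn = escape_filter_value(group_dn)
    # Plain memberOf matches direct members only; IN_CHAIN walks nested groups.
    member = f"(memberOf:{IN_CHAIN}:={dn})" if nested else f"(memberOf={dn})"
    clauses = ["(objectClass=user)", member]
    if skip_disabled:
        # Exclude accounts whose userAccountControl has the disabled bit set.
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    return "(&" + "".join(clauses) + ")"


# Group DN from the page's directory structure example.
GROUP_DN = "cn=IntuneLucy-DevOps,ou=Distribution Groups,ou=Admin Users,dc=beck,dc=ai"

if __name__ == "__main__":
    print(admin_import_filter(GROUP_DN))
    print(admin_import_filter(GROUP_DN, nested=True, skip_disabled=True))
```

Because every imported account receives the role chosen in the import dialog, review the result list before importing: a filter that is broader than intended grants that role to every match.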


Select your user(s) and import:

Once "Import" is selected, a pop-up will appear to define the Role.

Import Role

Define the Role of the imported user group.


Azure Application

Select the specific Azure Entra ID tenant.


Filter Azure Groups

Select the desired group to import from the drop-down.


Filter

Scenario 1: Filter by Email Domain

To import only recipients whose email domain ends with "@lucysecurity.company", use the endswith function:

endswith(mail, '@lucysecurity.company')

This filter ensures that only users with emails ending in "@lucysecurity.company" are included in the import.

Scenario 2: Filter by Name Prefix

To import recipients whose names begin with "User", utilize the startswith function:

startswith(displayName, 'User')

This filter will match and import users whose display names start with "User".

Scenario 3: Filter by Location

To find all users located in 'Ext1', you can directly match the officeLocation attribute:

officeLocation eq 'Ext1'

This query ensures that only users with 'Ext1' listed as their office location are selected.

Scenario 4: Filter by Phone Number Exclusion

To exclude recipients whose phone number is '911', apply the ne (not equal) operator:

mobilePhone ne '911'

This filter imports users whose mobile phone number is not '911'.



Multitenant Capable Administration

Use Case 1: Customer Access to Campaign Statistics

Scenario: You create a campaign for your customer and want to give them access to view the statistics without allowing them to change the campaign configuration.

Create View-Only Account

  • Navigate to Users -> Administrative Users

  • Create a new user account with "view-only" status. This account will only have permission to view campaign statistics.

Assign Campaign to Client

Add User to Campaign

  • Add the view-only user account to the campaign by navigating to the created campaign, selecting Advanced Settings -> User Settings.

Assign Viewing Rights

  • Assign the necessary permissions to the view-only user to allow them to view the campaign statistics.


Use Case 2: Customer Creates Their Own Campaigns

Scenario: A customer wants to create their own campaigns, but should only have access to their own campaign data and not see data from other customers.

Create a Limited User Account

  • Navigate to Users -> Administrative Users

  • Create a new user account with the role of "user".

Assign Create/Delete Campaign Rights

  • Give the user the "Create/delete campaign" permission. This allows the user to create and delete their own campaigns.

Customer Access

  • When the customer logs in, they can create their own campaigns and will only see data related to the campaigns they created.

  • The user will not have access to other menu items or data from other customers.


Administrative Permission List

| Permission | Description |
| --- | --- |
| Access All Campaigns | Right to access all campaigns, overriding Clients and Branches policy. |
| Create/Delete Campaigns | Right to create and delete campaigns. |
| Save Campaign As Template | Right to save a campaign as a template. |
| Attack Templates | Access to predefined attack templates. |
| Campaign Templates | Access to campaign templates. |
| Awareness Templates | Access to awareness training templates. |
| File Templates | Access to file-based attack templates. |
| Report Templates | Access to report templates. |
| Download Templates | Access to download templates. |
| Clients | Access to clients menu. |
| Recipients | Access to the list of recipients. |
| End Users | Access to the list of end users. |
| User Management | Access to user management. |
| Reputation Levels | Access to reputation levels. |
| SSH Access | Access to SSH menu. |
| SSH Password | Right to reset SSH password. |
| Benchmark Sectors | Access to benchmark sectors. |
| License | Access to license menu. |
| Update | Right to update LUCY. |
| Reboot | Right to reboot LUCY. |
| Domains | Access to domains menu. |
| Register Domains | Right to register a domain. |
| Dynamic DNS | Access to dynamic DNS feature. |
| Automated Response Detection | Access to automated response detection menu. |
| Settings | Access to advanced settings, including customization of the 404 page. |
| SMS Settings | Ability to set up SMS systems for text message delivery. |
| Performance Test | Access to performance tests. |
| Test Email | Right to send a test email. |
| Spam Test | Access to spam test. |
| System Monitoring | Access to system monitoring. |
| System Status Page | Access to system status page. |
| Incident Management | Access to incident management. |
| Plugin Configuration | Right to configure the Outlook plugin. |
| Incident Management Configuration | Right to configure incident management. |
| Manual | Access to the LUCY manual. |
| Exports | Access to exports. |
| Invoices | Access to invoices. |
| Send Logs | Access to send logs menu. |
| Service Logs | Access to service logs. |
| Changelog | Access to changelog. |
| Mail Manager | Access to mail manager. |
| Tickets | Access to the ticket system. |

Please note that there are also End User accounts in LUCY that come as part of the End User Portal functionality and have no admin rights. These accounts are automatically created for recipients assigned to awareness training.

Password Policy -> Adjustable in the advanced settings.

SSO Authentication -> Possible via SAML 2.0 or OAuth 2.0 (Entra ID) for automatic user authentication.

Importing administrative users can be done directly from your company directory via either LDAP or Azure (Entra ID).

Select your pre-defined server from the server list:

A well-formulated Active Directory search filter to obtain an Administrative user in the Group = IntuneLucy-DevOps:

Filter by Search Parameters -> Enter Microsoft search filters

When creating a campaign, you will be prompted to enter the Client for the campaign. This client can be yourself, an organizational unit, or a third party.