Introduction
Authentication in Infosec IQ is managed by a separate Infosec application called Infosec Accounts, while user management and permissions are still managed within Infosec IQ. Any attempt to authenticate to Infosec IQ is processed through Infosec Accounts.
Infosec Accounts has two user types.
- Organization Admins: Have administrative access to Infosec Accounts. They can configure security settings and modify SSO configurations for your organization.
- Users: Are able to use authentication methods that have been configured in your organization and are subject to the security settings configured there. They have no other special access.
Whether you are a User or an Organization Admin in Infosec Accounts, this has no effect on your permissions in Infosec IQ.
Infosec IQ also has two user types.
- Admins: Admins are credentialed accounts in Infosec IQ that have full access to view or edit app information in Infosec IQ.
- Learners: Learners are users that can receive emails and be assigned training in Infosec IQ and do not have login credentials. It’s still possible for Learners to authenticate using SSO in AwareEd campaigns. See the Learners section below for more information.
A user can be an Admin, a Learner, or both.
Infosec IQ Admins
Infosec IQ Admins include Administrators and Reporting users, and are managed from the Account Settings page in Infosec IQ. For how to create Infosec IQ Admins, see our article Administrators and Reporting Users.
When someone is invited to be an Infosec IQ Admin, they’re sent an email to register their account. This process verifies their Infosec IQ account and, if one is not already present, creates a profile in Infosec Accounts.
There are two authentication options for Admins:
- Email and Password: Admins will have traditional login credentials (email and password) that will authenticate them for the resources they have access to.
- SSO: If you have an active SSO configuration set up in Infosec Accounts, Admins will be able to use this authentication method without any extra steps.
Learners
Learners do not need to provide credentials to access Infosec IQ. By default, when an AwareEd campaign is launched, every Learner who is assigned to the campaign will have a unique training link sent via email. This link will be unique to each learner, but is accessible to anyone who has it. However, SSO can be used as a layer of authentication when the unique link is accessed.
Note: It’s important that you do not enable learner authentication on your AwareEd campaign if you have no active SSO configuration in Infosec Accounts.
In the Advanced Settings section of the AwareEd campaign creation page, there’s a check box labeled Require learner to authenticate with SSO before they take the course. When this is enabled on a campaign and someone then clicks on the unique link, they will be redirected to your Identity Provider (e.g. Microsoft, Google, Okta). After the user has authenticated with the IdP, they will be redirected back to their personal learner dashboard. When a learner authenticates through SSO, an identity profile will be created for them in Infosec Accounts.