Users are the people who access and manage your organisation's cyber security content. Others are "employees" from Cyberday's point-of-view, who will e.g. accept guidelines via bot.
Read more about user management in Cyberday here.
Cyberday can be used via a web client or inside Microsoft Teams. You can get the notifications and reminders for Cyberday either via email, Teams or Slack.
User signup via Teams
- Install the Cyberday app
- Navigate to app and click "Organization Dashboard" tab
- Click "Verify" to confirm your identity
- Click "Request access"
This will create the user and the access will be given, when the admin confirms the request from the Organization dashboard's settings section under "Pending access requests".
Microsoft Teams offers you the possibility to install the up via a policy to all users. You can also e.g. send a message including installation instructions in the team for cyber security core team.
User invitation via web client
Where to find this view: Dashboard -> Organization name drop down -> Settings -> User management
- Click "Settings" from the left menu on Dashboard
- Expand "User management" and click "Invite new user"
- Insert email under the list
- Choose a role and click "Invite"
User roles and rights
In Cyberday, not every user has the same right. This helps to ensure only the persons that are supposed to do so are entitled to make important changes and have access to the ISMS and its data. For many employees, only access to the guidebook will be needed. Read more about different user roles and rights.
External user
In Cyberday you can invite external users. Examples of external users are auditors, partners and other viewers. An external user is not counted in the statistics for instructions.
Within Teams, only users whose domain name is included in the list of allowed domains will be able to view the content of your Cyberday account.
Inviting an external user
- Click on "Settings" in the left menu on the Dashboard
- Select "Invite a new user" under "User Management"
- Enter your email address in the field below the list
- Select "Is this an external user?"
- Select the type of external user
Deactivating and deleting users
As an admin, you are able to deactivate and delete accounts. This is done in the same place as inviting new users: Settings -> User management.
Passivating a user means that the user will no longer have access to the account, but will still be shown in the items they own. This option should be used in situations where for example, a key member of your security team changes jobs and a replacement does not yet exist. This way you won't lose information about which items need to find a new owner due to a change of person.
Deleting a user is the final action. After this, you won't see the user on your account anymore. This will require you to select a new person responsible for the content owned by the user to be deleted.
In the user deletion form you can see different content types this user currently owns. Different content types are:
- Tasks
- Guidelines
- Documentation items (e.g. data systems, risks, partners)
- Reports
Remove and assign will delete the user and automatically re-assign their content to the selected new owners.
N.b.! When user is removed, log events connected to them are still kept. Log events are only removed if the exact topic (e.g. task, guideline or documentation item) they relate too is deleted.