User Management

Manage user accounts, authentication, and access to your Pestle instance.

User Types

Administrator

Full system access including:

• User and role management
• System configuration
• All data access
• Audit log access

Standard User

Access based on assigned roles and permissions:

• View and edit assigned areas
• Complete assessments and tasks
• Upload evidence
• Generate reports (where permitted)

Read-Only User

View-only access for auditors and stakeholders:

• View dashboards and reports
• Review assessments and evidence
• No edit capabilities

Creating Users

1. Navigate to Settings → Users
2. Click Add User
3. Enter user details:
   • Email address (used for login)
   • First and last name
   • User type
4. Assign to user groups (optional)
5. Click Create
6. User receives invitation email to set password

User Groups

Organize users into groups for easier permission management:

• Create groups based on departments, projects, or functions
• Assign permissions to groups instead of individuals
• Users inherit permissions from their groups

Creating a Group

1. Go to Settings → User Groups
2. Click New Group
3. Name the group (e.g., "Security Team", "Compliance Auditors")
4. Add users to the group
5. Assign folder access and permissions

Authentication Options

Local Authentication

Built-in username/password authentication with:

• Password complexity requirements
• Password expiration policies
• Account lockout after failed attempts

Single Sign-On (SSO)

Integrate with your identity provider:

• SAML 2.0 - Works with Okta, Azure AD, OneLogin, etc.
• OAuth 2.0 / OIDC - Google Workspace, Microsoft 365

Configuring SAML SSO

1. Go to Settings → Authentication
2. Enable SAML authentication
3. Enter your IdP metadata URL or upload metadata XML
4. Configure attribute mappings (email, name)
5. Test the connection

Multi-Factor Authentication (MFA)

Add an extra layer of security:

• TOTP Apps - Google Authenticator, Authy, 1Password
• Email codes - One-time codes sent via email

Enabling MFA

1. Go to Settings → Security
2. Enable "Require MFA for all users" or allow user choice
3. Users configure MFA on next login

Account Management

Password Reset

Users can reset their own passwords via the login page. Administrators can also force a password reset.

Deactivating Users

When employees leave:

1. Find the user in Settings → Users
2. Click Deactivate
3. User loses access immediately
4. Historical data and audit trail preserved

Reactivating Users

Deactivated users can be reactivated. They retain their previous role assignments and group memberships.

Audit Trail

All user actions are logged:

• Login/logout events
• Data changes
• Permission changes
• Export activities

Access audit logs via Settings → Audit Log.