Organization Settings

Organization settings are only visible in the menu for users with owner privileges.

Organization

You can change the total number of registered servers and language settings for the organization.

Item Description
Organization name Name set when the organization was created
Total number of registered servers Total number of servers registered in the organization
Scan all servers manually Scan all servers in the organization at once
Payment method Payment method of the organization
Setting the language of the organization Change the language of error messages and other messages sent during the scan

batch scan all servers

Performs a batch manual scan of all servers registered in the organization, using the package information from the most recent scan.

Once an organization batch scan is performed, it cannot be performed again for one hour. Please check the date and time of the last batch scan and rescan after one hour has elapsed.

The actual equipment will not be accessed. Also, only servers that have been scanned during the transition to April 2021 will be scanned.

Members

You can grant “Owner” and “CSIRT” privileges to members invited to the organization, manage groups they belong to, and delete members.

Owner Authority Settings

Press the “Change permissions” button for the user in question to change the user’s permissions. image

Managing Groups to which a user belongs

Click the Group Management icon to view and edit the groups to which members belong. image

image

Invite a member to the Organization

Click “Add User” at the bottom of the list to display a dialog box for adding a user. image

You can add multiple users to an organization at once by entering newlines or comma separated lines. image

Invited users are not assigned to a group and cannot check vulnerability information, etc. Please invite them to a group.

Deleting an organization member

If you delete a member from the “Organization Settings”, the account information will be deleted from the organization and the member will not be able to access the organization.

To delete a member from the organization, click the ⊖ icon of the member to delete. image

The user’s account will remain in FutureVuls even if the user is removed from the organization. See [remove user from org](/en/manual/user_management/#remove userfromorg) for details.

Groups

You can manage groups in the org or create new groups.

Create Group

Click “Create Group” at the bottom of the list to open a dialog box to create a new group. Enter a group name and create it. image

To delete a group, you can delete it from the group’s detailed settings screen (click the group settings button at the right end of the list).

User Management

Click the User Management icon to view and edit users belonging to a group. image

image

Transition to the group

Clicking the icon in the center will take you to the vulnerability page of the group. Also, click the gear icon on the far right to go to the group’s detailed settings page. image

If you do not have group administrator privileges, the gear icon on the far right will be disabled.

Also, a “Join” button will appear for groups to which you do not belong, and you can join the group by clicking the button.

Group Set

You can create a group set that binds multiple groups together. See groupset for details.

Set up automatic triage

You can configure automatic triage settings to automatically grant Danger status or hide the relevant vulnerabilities. For details, please refer to automatic Danger grant.

Audit Log

Allows you to check the history of user operations performed in the organization. See audit log for details.

Special alert tags

You can set your own alert tag for vulnerability information. See special alert tags for details.

Security

Make two-factor authentication mandatory for organization members

You can prevent members of your organization from performing operations if they have not set up two-factor authentication.

When you press the MFA settings switch, a confirmation dialog will appear, and you can enable the settings by clicking the “OK” button. If this setting is enabled, members of the organization who have not set up two-factor authentication for password login will see a message and will not be able to perform operations. You can enable the operation by enabling two-factor authentication from “Profile > Two-Factor Authentication”.

Note that when logging in with SSO or using Google login, operations will not be restricted even if two-factor authentication is not set up. If you want to make two-factor authentication mandatory, please configure it on the provider side.

To turn off the settings, you can disable them by pressing the MFA settings switch again under “Security”.

Restrict access using IP address

IP restrictions are available by adding a range of IP addresses (in CIDR format) to the organization’s configuration page.

Details of IP address restrictions are as follows.

  • If no IP range is set, connections from all IP addresses are allowed
  • If even one IP range is specified, access is allowed only from the specified IP range.
  • The IP address of the configurator (the person connecting) cannot be restricted (you must first specify your own IP address)
  • What is restricted by this IP restriction is the console screen and the developer API (uploads from the scanner are not restricted)

How to set up

  • Open the configuration page of the organization and click ADD on the Register accessible IP addresses card.

image

  • Enter the IP address you want to allow in CIDR format and click SUBMIT.

image

  • If the registered IP address is displayed as shown below, the IP restriction is enabled.

image

Configuration

Copy server information to another group

This function supports when you want to move the registered server to another group.

This function does not support transferring servers between organizations.

  • After selecting the server to be moved and the group to which the server will be moved, copying of the server information will begin. image

  • The information of tasks registered on the source server is subsequently copied to the copied server.

  • If the server is registered from the scanner, change the group ID and scanner token registered on the scanner.

  • After migration, please check the new server and delete the old server.