- September 18, 2023: Group Admin can add assets to their infrastructure.
- April 28, 2023: Underwriting guideline permissions.
- November 15, 2022: Enhanced Rating permissions.
Permissions can depend on:
Group Access
Company details can be shared either globally or based on the Access Control Group of the user.
- Global: Shared configurations with all users.
- Group: Specific to a particular group.
The following can be configured globally or by group:
Ownership
The following can be owned, which are configured based on user preferences:
Permissions
- Access Control Groups
- Account
- Alerts
- Bitsight Badge
- Bitsight for 4th Party
- Collaboration
- Company Relationships
- Company Requests
- Enhanced Ratings
- Financial Quantification
- Folders
- SAML
- Subscriptions
- Tiers
- Infrastructure
- Remediation
- Bitsight Work From Home
- Company Notes
- Exposed Credentials Download
- Finding Comments
- Issue Tracking
- Underwriting Guidelines
- User Management
Access Control Groups
Access Control Groups allow subsets of portfolio companies to be grouped together and users to be assigned access to them. The users will have the ability to see and monitor only the subset of companies.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Groups tab: | ✓ | ❌ | ❌ | ❌ |
Modify subscriptions: | ✓ | Group Access | ❌ | ❌ |
Account
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Implement 2-factor authentication (2FA): | Implement for your own account. | Implement for your own account. | Implement for your own account. | Implement for your own account. |
Bitsight API authentication: | ✓ | ❌ | ❌ | ❌ |
Generate a Platform Usage report: | ✓ | ✓ | ✓ | ❌ |
Generate a user API token: | ✓ | ✓ | ✓ | ✓ |
Require users to implement 2FA: | ✓ | ❌ | ❌ | ❌ |
Reset 2FA to allow users to reimplement 2FA: | ✓ | ❌ | ❌ | ❌ |
Alerts
Alerts automate how changes that occur in your portfolio are monitored, including changes to ratings, changes to risk vector grades, and more.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Set up the company-wide email distribution list: | ✓ | ❌ | ❌ | ❌ |
Set your alert settings; Enable or disable alerts for yourself: | ✓ | ✓ | ✓ | ✓ |
Bitsight Badge
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Configure Bitsight Badge: | ✓ | ❌ | ❌ | ❌ |
Enable/Disable Bitsight Badge: | ✓ | ❌ | ❌ | ❌ |
Bitsight for 4th Party
- Only your organization can define your own 4th party relationships.
- Your added service providers are only visible to your organization.
Collaboration
The Enable Access Program allows you to collaborate with other companies, such as helping a third party improve their Bitsight Security Rating, by extending an invitation to allow access to the Bitsight platform.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add new contact information for portfolio companies via the Bitsight API: | ✓ | Group Access | ❌ | ❌ |
Edit or delete collaboration messages: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Invite a company to collaborate (you must be subscribed to the recipient organization): | ✓ | ✓ | ✓ | ✓ |
View invitations and collaboration progress from the Collaboration Outbox: | ✓ | Group Access | Group Access | Group Access |
Company Relationships
Company relationships optimize the onboarding workflow by applying the appropriate level of due diligence to a company while it is being evaluated during onboarding.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Define your organization’s company relationship with another company: | ✓ | Group Access | Group Access | ❌ |
Company Requests
Submit a company request to add an entity to the Bitsight inventory.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Submit company requests: | ✓ | ✓ | ✓ | ✓ |
Submit company requests in bulk (Multiple Request): | ✓ | ✓ | ✓ | ❌ |
Enhanced Ratings
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Activate Enhanced Ratings: | ✓ | ✓ | ❌ | ❌ |
Financial Quantification
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Cancel a Financial Quantification run or rerun: | ✓ | ❌ | ❌ | ❌ |
Enable Financial Quantification: | ✓ | ✓ | ❌ | ❌ |
Run a quantification: | ✓ | ✓ | ❌ | ❌ |
Select companies for quantification: | ✓ | ❌ | ❌ | ❌ |
View results: | ✓ | ✓ | If Enabled | If Enabled |
Folders
Folders can be used to organize your portfolio to better understand the security performance of certain groups of companies, such as IT vendors and companies in your organization.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Be assigned as a folder owner: | ✓ | ✓ | ✓ | ✓ |
Create a folder: | ✓ | ✓ | ✓ | ✓ |
Delete a folder: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Modify companies in a folder: | Yes if Owned | Yes if Owned | Yes if Owned | Yes if Owned |
Share a folder: |
SAML
Security Assertion Markup Language (SAML) is an XML-based framework developed by the Organization for the Advancement of Structured Information Standards (OASIS). It is used to securely exchange data, such as authentication and authorization information, between different services.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Configure SAML: | ✓ | ❌ | ❌ | ❌ |
Subscriptions
- Admin can modify all subscriptions and Group Admin can modify subscriptions for their group. This includes the following actions:
  - Subscribe to a company.
  - Switch from one subscription to another.
  - Remove a company from your portfolio.
  - Resubscribe to an expired subscription.
- Admin can view all subscription data and Group Admin can view subscription data for their group.
Tiers
Tiers are used in the Portfolio Risk Matrix to prioritize companies in your portfolio based on their criticality to your organization and their security risk.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add, edit, and remove tiers: | ✓ | Group Access | Group Access | ❌ |
Modify companies in a tier: | ✓ | Group Access | Group Access | ❌ |
Set risk thresholds: | ✓ | Group Access | Group Access | ❌ |
View tiers in the Portfolio Risk Matrix: | ✓ | Group Access | Group Access | Group Access |
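The tables on this page use five kinds of cell: an unconditional ✓ or ❌, "Group Access" (the resource must sit in one of the user's Access Control Groups), "Yes if Owned" (the user must own the folder, note or message) and "If Enabled" (the feature must have been enabled for that user). The following is an added example, not Bitsight's own code, that encodes a handful of the rows above and evaluates a request against them; the user, resource and Access Control Group names are constructed sample data, and the interpretation of the three conditional cells is an assumption drawn from the descriptions on this page.

```python
"""Added example (not Bitsight code): evaluate a role/permission matrix whose
cells are "✓", "❌", "Group Access", "Yes if Owned" or "If Enabled"."""
from dataclasses import dataclass
from typing import Optional

ROLES = ("Admin", "Group Admin", "Portfolio Manager", "User")

# action -> one cell per role, in ROLES order. Rows are copied from the
# tables on this page; the set is a subset chosen for illustration.
MATRIX = {
    "Modify subscriptions": ("✓", "Group Access", "❌", "❌"),
    "Delete a folder": ("Yes if Owned",) * 4,
    "View results": ("✓", "✓", "If Enabled", "If Enabled"),
    "View tiers in the Portfolio Risk Matrix":
        ("✓", "Group Access", "Group Access", "Group Access"),
    "Configure SAML": ("✓", "❌", "❌", "❌"),
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    groups: frozenset = frozenset()            # Access Control Groups the user is in
    enabled_features: frozenset = frozenset()  # features enabled for this user


@dataclass(frozen=True)
class Resource:
    group: Optional[str] = None    # Access Control Group the resource belongs to
    owner: Optional[str] = None    # user name that owns it (folder, note, message)
    feature: Optional[str] = None  # feature the resource is part of, if any


def is_allowed(user: User, action: str, resource: Resource = Resource()) -> bool:
    """Resolve one matrix cell for this user; unknown actions are denied."""
    if user.role not in ROLES:
        raise ValueError(f"unknown role {user.role!r}")
    if action not in MATRIX:
        return False  # default deny: an action absent from the matrix is never granted
    cell = MATRIX[action][ROLES.index(user.role)]
    if cell == "✓":
        return True
    if cell == "❌":
        return False
    if cell == "Group Access":
        # assumption: the resource must be in one of the user's groups
        return resource.group is not None and resource.group in user.groups
    if cell == "Yes if Owned":
        return resource.owner is not None and resource.owner == user.name
    if cell == "If Enabled":
        return resource.feature is not None and resource.feature in user.enabled_features
    raise ValueError(f"unknown cell {cell!r}")


def allowed_actions(user: User, resource: Resource = Resource()) -> list:
    """Every matrix action this user may perform on the resource; handy for
    a least-privilege review of what a role can actually reach."""
    return sorted(a for a in MATRIX if is_allowed(user, a, resource))


if __name__ == "__main__":
    # constructed sample users and resources
    group_admin = User("bob", "Group Admin", frozenset({"Vendors"}))
    vendor_company = Resource(group="Vendors")
    print(allowed_actions(group_admin, vendor_company))
    print(allowed_actions(group_admin, Resource(group="Finance")))
```

Two design points worth noting: an action missing from the matrix is denied rather than granted, and a "Group Access" cell never matches a resource with no group at all, so a mis-tagged resource fails closed instead of leaking across Access Control Groups.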
Infrastructure
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Add assets to their infrastructure: | ✓ | ✓ | ❌ | ❌ |
Create a self-published rating: | ✓ | ❌ | ❌ | ❌ |
Highlight which self-published company is the primary: | ✓ | ❌ | ❌ | ❌ |
Remediation & Mitigation
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Bitsight Work From Home: | ✓ | ❌ | ❌ | ❌ |
Company Notes – Edit or delete notes: | ✓ | ✓ | Yes if Owned | Yes if Owned |
Exposed Credentials – Export and download data for your organization: | ✓ | ✓ | ❌ | ❌ |
Finding Comments – Edit or delete comments: | ✓ | ✓ | Yes if Owned | Yes if Owned |
Infrastructure Management: | ✓ | ❌ | ❌ | ❌ |
Issue Tracking – View and assign users to remediate a finding: | ✓ | Group Access | Group Access | Group Access |
Underwriting Guidelines
Underwriting guidelines allow you to choose the minimum grades for each risk vector that can be used to compare against a company’s risk vector grades.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Edit guidelines, including: | ✓ | ❌ | ❌ | ❌ |
View guidelines: | ✓ | ✓ | ✓ | ✓ |
User Management
The Users tab allows you to manage users of the Bitsight platform within your organization. If all administrators have left the company, contact Bitsight Support.
Action | Admin | Group Admin | Portfolio Manager | User |
---|---|---|---|---|
Assign user roles: | Any role to any user. | Assign users in the group as a User, Portfolio Manager, or Group Admin. | ❌ | ❌ |
Assign users as a collaboration contact to receive incoming Enable Access Program invitations: | ✓ | Assign users in the group. | ❌ | ❌ |
Assign users as a subscription contact when other users request to add companies to your portfolio: | ✓ | Assign users in the group. | ❌ | ❌ |
Assign users to an Access Control Group: | ✓ | ❌ | ❌ | ❌ |
Be assigned as a collaboration contact to receive incoming Enable Access Program invitations: | ✓ | ✓ | ✓ | ✓ |
Be assigned as a subscription contact when users request to add a company to the portfolio: | ✓ | Be assigned for the group. | Be assigned for the group. | ❌ |
Edit user information: | ✓ | Edit users in the group. | ❌ | ❌ |
Example: Bitsight Work From Home | ✓ | Enable for users in the group. | ❌ | ❌ |
| ✓ | ✓ | ❌ | ❌ |