Note: This document is for customers using the standalone SOAR platform only.

This document is intended for users of the Google Security Operations SOAR platform who want to add new users.
User types
The Google Security Operations SOAR user types include:
- Standard users: Can be given various permissions and have edit rights to the platform as you define them.
- View-only users: Can only view certain parts of the platform based on their assigned permissions. They require a special license. For details, see Create a view-only user.
- Collaborator users: Can have edit or view permissions for specific platform modules. For more information on this user type, see Benefits of adding a collaborator user.
- Managed users: Have full case management permissions, letting them participate in a hybrid SOC model alongside a Managed Security Service Provider (MSSP). Note: Managed users have no access to edit playbooks. For more information on managed users, see Create a Managed or Managed-plus user.
- Managed-plus users: Have the same case management permissions as managed users, with the additional ability to build and edit playbooks within their own environment. For more information on Managed-plus users, see Create a Managed or Managed-plus user.
Add a new user
To add a new user to the Google Security Operations SOAR platform, follow these steps:
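1. Go to Settings > Organization > User Management.
2. Click Add.
3. Fill out the required information in the fields. You can edit this information after the user is created.
   - The Login ID field must contain an email address for internal users.
   - If you edit the Login ID field, the user's status changes to Pending until the next sign-in.
   - Note: For SAML authentication, select the required SAML provider in the User Type field. The Login ID field must conform to your SAML specifications, and the Email field is intended for notification purposes only.
4. Click Add. The new user appears in the user list, and an email invitation is automatically sent.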
Set environment access
If you select a permission group with edit permissions for All Environments, the user is granted access to all environments by default. To change this at the permission group level, follow these steps:
1. On the Permissions page, select None for All Environments.
2. Select one or more specific environments for the user to have access to.
3. Click Add. The new user appears in the list of users, and an email invitation is automatically sent.
4. For internal users, the status remains Pending until they accept the invitation and create a password.
5. The invitation link is valid for 3 days. The administrator can resend the invitation on the User Management page.
6. For SAML users, the status remains Pending until the initial login. They can sign in directly to the platform without the need to use the invitation email.
You can also map users with multiple control access parameters.

Last updated 2025-09-04 UTC.