
Overview

User management in FigoRisk allows you to control who has access to your GRC platform, what they can do, and how they interact with the system.

User Roles

FigoRisk uses role-based access control (RBAC) with four primary roles:

Admin

Full access to everything

Can:
  • Manage all users
  • Configure system settings
  • Access all modules
  • Approve/reject actions
  • View all reports

Best for: IT administrators, GRC managers

Maker

Create and edit content

Can:
  • Create risks, assets, controls
  • Edit existing records
  • Submit for approval
  • Generate reports

Cannot:
  • Approve their own submissions
  • Delete records
  • Manage users

Best for: Risk analysts, compliance officers

Checker

Review and approve content

Can:
  • Review submissions
  • Approve/reject changes
  • View all records
  • Generate reports

Cannot:
  • Create new records
  • Edit records directly
  • Manage users

Best for: Managers, supervisors, auditors

Viewer

Read-only access

Can:
  • View risks, assets, controls
  • Generate reports
  • Export data

Cannot:
  • Create or edit records
  • Approve submissions
  • Delete anything

Best for: Executives, stakeholders, external auditors

Adding New Users

Single User Creation

1. Navigate to Users

Click Users in the main navigation menu

2. Click Add User

Click the + Add User button in the top right

3. Fill User Details

Basic Information:
  • First Name: User’s first name
  • Last Name: User’s last name
  • Email: User’s work email (used for login)
  • Phone: Contact phone number (optional)

Account Settings:
  • Role: Select from Admin, Maker, Checker, or Viewer
  • Department: Assign to a department
  • Status: Active or Inactive

Optional Settings:
  • Job Title: User’s position
  • Employee ID: Internal employee identifier
  • Manager: Select reporting manager

4. Set Permissions

Module Access (check applicable modules):
  • ☑ Risk Management
  • ☑ Compliance Management
  • ☑ Asset Management
  • ☑ Incident Management
  • ☑ Reporting & Analytics

5. Send Invitation

Choose how to onboard the user:

Option 1: Email Invitation (Recommended)
  • User receives email with setup link
  • They set their own password
  • More secure

Option 2: Set Password
  • You create a temporary password
  • Share credentials with user securely
  • User must change on first login

6. Create User

Click Create User to save

Users will receive an email invitation with instructions to set up their account and login credentials.

Bulk User Import

For adding multiple users at once:
1. Download Template

  1. Navigate to Users page
  2. Click Bulk Import
  3. Download the CSV template

2. Fill Template

Open the CSV file and fill in user details:

| First Name | Last Name | Email | Role | Department |
|-----------|-----------|-------|------|-----------|
| John | Doe | john@company.com | Maker | IT |
| Jane | Smith | jane@company.com | Checker | Compliance |
| Bob | Johnson | bob@company.com | Viewer | Finance |

3. Upload File

  1. Click Choose File
  2. Select your filled CSV
  3. Click Upload

4. Review & Confirm

Review the preview of users to be imported:
  • Check for errors
  • Verify role assignments
  • Confirm department mappings

5. Complete Import

Click Import Users to create all accounts. All users will receive email invitations automatically.

Pro Tip: Start with a small test batch (3-5 users) to ensure your CSV is formatted correctly before importing hundreds of users.
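
A pre-upload check for the filled template, as an added example (not FigoRisk code). The column and role names come from the template above; the allowed-domain list, exact-case role matching, and holding back Admin rows for sign-off are assumptions of this sketch.

```python
import csv
import io
import re

REQUIRED = ["First Name", "Last Name", "Email", "Role", "Department"]
ROLES = {"Admin", "Maker", "Checker", "Viewer"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_import(csv_text, allowed_domains, allow_admin=False):
    """Return a list of (line_number, message) problems; empty means clean."""
    reader = csv.DictReader(io.StringIO(csv_text), restval="")
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, f"missing columns: {', '.join(missing)}")]
    problems, seen = [], {}
    for row in reader:
        n = reader.line_num
        email, role = row["Email"].strip().lower(), row["Role"].strip()
        for col in REQUIRED:
            if not row[col].strip():
                problems.append((n, f"empty {col}"))
        if email and not EMAIL_RE.match(email):
            problems.append((n, f"malformed email: {email}"))
        elif email and email.rsplit("@", 1)[1] not in allowed_domains:
            problems.append((n, f"email outside allowed domains: {email}"))
        if email in seen:
            # the email is the login name, so a repeat means two rows for one account
            problems.append((n, f"duplicate of line {seen[email]}: {email}"))
        elif email:
            seen[email] = n
        if role and role not in ROLES:
            problems.append((n, f"unknown role: {role!r}"))
        if role == "Admin" and not allow_admin:
            # assumption: bulk-created Admins are reviewed separately (least privilege)
            problems.append((n, "Admin role needs explicit sign-off"))
    return problems

# Constructed sample: a mis-cased role, an outside address, a duplicate Admin row.
SAMPLE = """First Name,Last Name,Email,Role,Department
John,Doe,john@company.com,Maker,IT
Jane,Smith,jane@company.com,checker,Compliance
Bob,Johnson,bob@personal-mail.example,Viewer,Finance
Eve,Adams,JOHN@company.com,Admin,IT
"""

if __name__ == "__main__":
    for line, msg in validate_import(SAMPLE, {"company.com"}):
        print(f"line {line}: {msg}")
```
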

Managing Existing Users

Edit User Information

To update user details:
  1. Go to Users page
  2. Click on the user’s name
  3. Click Edit button
  4. Update information:
    • Name and contact details
    • Job title and employee ID
    • Department assignment
  5. Click Save Changes

Deactivate User

When an employee leaves or no longer needs access:
1. Find User

Navigate to Users and search for the user

2. Open Profile

Click on the user’s name

3. Deactivate Account

Click Deactivate button

What happens:
  • User cannot log in
  • Active sessions are terminated
  • Data and history are preserved
  • Can be reactivated later if needed

4. Confirm

Click Confirm Deactivation

Deactivated vs Deleted: Deactivating preserves audit trails and historical data. Deleting permanently removes the user (not recommended).

User Groups & Teams

Create groups for easier permission management:

Create a Group

1. Access Groups

Go to Users → Groups

2. Create New Group

Click + Create Group

Fill in:
  • Group Name: e.g., “Security Team”, “Audit Committee”
  • Description: Purpose of the group
  • Default Role: Role for all members (optional)

3. Add Members

  • Search and select users
  • Or bulk select from department

4. Set Group Permissions

Configure what the group can access

5. Save Group

Click Create Group

Common groups to create:
  • Executive Leadership
  • Security Operations Team
  • Compliance Officers
  • Risk Assessment Committee
  • IT Operations
  • Audit Team

Password Management

Reset User Password

As an admin, reset any user’s password:
  1. Navigate to user profile
  2. Click Reset Password
  3. Choose option:
    • Email Reset Link: User receives password reset email
    • Generate Temporary Password: Create password and share with user
  4. User must change password on next login

Force Password Change

Require a user to change their password:
  1. Open user profile
  2. Click Force Password Reset
  3. On next login, user must set a new password
Use this when: Suspected account compromise, employee role change, or routine security policy enforcement.

Session Management

View Active Sessions

See who’s currently logged in:
  1. Go to Users → Active Sessions
  2. View list showing:
    • Username
    • Login time
    • IP address
    • Device type
    • Last activity

Terminate Sessions

  1. Find user in Active Sessions
  2. Click Terminate Session
  3. User is immediately logged out

  1. Click Terminate All Sessions (top right)
  2. Confirm action
  3. All users are logged out

Use sparingly! This logs out everyone including you.

If you notice suspicious activity:
  1. Terminate the session immediately
  2. Reset the user’s password
  3. Contact the user to verify their activity
  4. Review audit logs for unauthorized actions

Access Logs & Audit Trail

Monitor user activity:

View User Activity

1. Access Audit Logs

Go to Users → Activity Logs

2. Filter Logs

Filter by:
  • User: Specific user or all
  • Action Type: Login, Create, Edit, Delete, etc.
  • Date Range: Last 7 days, 30 days, custom
  • Module: Risk, Compliance, Assets, etc.

3. Review Activity

See detailed logs showing:
  • Timestamp
  • User who performed action
  • Action type
  • Affected resource
  • IP address
  • Status (Success/Failed)

4. Export Logs

Click Export to download logs as CSV

Common audit checks:
  • Failed login attempts (potential security threat)
  • After-hours activity (unusual access patterns)
  • Bulk deletions (potential data loss)
  • Permission changes (privilege escalation)
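
The four checks above, run over an exported log CSV, as an added example (not FigoRisk code). The export's column names, the ISO timestamp format, the "Permission Change" action name, the working hours and the thresholds are all assumptions of this sketch; adjust them to match a real export.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def triage(csv_text, work_hours=(8, 18), fail_limit=3, delete_limit=3,
           window=timedelta(minutes=10), perm_actions=("Permission Change",)):
    """Run the four audit checks; return sorted (check, user, detail) tuples."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["Timestamp"])
    rows.sort(key=lambda r: r["ts"])
    findings, fails, deletes = set(), Counter(), defaultdict(list)
    for r in rows:
        user, action, ts, ok = r["User"], r["Action"], r["ts"], r["Status"] == "Success"
        if action == "Login" and not ok:
            fails[(user, r["IP"])] += 1          # count failures per user and source IP
        if ok and not work_hours[0] <= ts.hour < work_hours[1]:
            findings.add(("after-hours", user, ts.strftime("%Y-%m-%d")))
        if ok and action == "Delete":
            # keep only this user's deletes that fall inside the sliding window
            deletes[user] = [t for t in deletes[user] if ts - t <= window] + [ts]
            if len(deletes[user]) >= delete_limit:
                minutes = int(window.total_seconds() // 60)
                findings.add(("bulk-delete", user, f"{delete_limit}+ in {minutes} min"))
        if ok and action in perm_actions:        # action name is an assumption
            findings.add(("permission-change", user, r["Resource"]))
    for (user, ip), n in fails.items():
        if n >= fail_limit:
            findings.add(("failed-logins", user, f"{n} from {ip}"))
    return sorted(findings)

# Constructed sample export; column names and timestamp format are assumptions.
SAMPLE = """Timestamp,User,Action,Resource,IP,Status
2024-03-04T09:01:10,jane@company.com,Login,-,203.0.113.7,Failed
2024-03-04T09:01:25,jane@company.com,Login,-,203.0.113.7,Failed
2024-03-04T09:01:41,jane@company.com,Login,-,203.0.113.7,Failed
2024-03-04T09:02:03,jane@company.com,Login,-,203.0.113.7,Success
2024-03-04T23:40:00,john@company.com,Login,-,198.51.100.20,Success
2024-03-04T23:41:00,john@company.com,Delete,RISK-101,198.51.100.20,Success
2024-03-04T23:42:00,john@company.com,Delete,RISK-102,198.51.100.20,Success
2024-03-04T23:43:00,john@company.com,Delete,RISK-103,198.51.100.20,Success
2024-03-05T10:15:00,bob@company.com,Edit,RISK-200,192.0.2.14,Success
2024-03-05T10:20:00,bob@company.com,Permission Change,user:jane@company.com,192.0.2.14,Success
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding is a prompt to look at the surrounding log entries, not a verdict: three failed logins followed by a success from the same address may be a mistyped password.
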

User Notifications

Configure how users receive notifications:

Per-User Settings

  1. Open user profile
  2. Click Notification Settings
  3. Configure:
    • Risk Alerts: High/Critical risks assigned to user
    • Approval Requests: Pending items requiring approval
    • Compliance Reminders: Upcoming compliance deadlines
    • System Alerts: Important system notifications

Frequency:
  • Immediate
  • Daily digest
  • Weekly summary

User Onboarding Checklist

When adding new users, ensure they complete these steps:
1. Account Setup

  - [ ] User receives invitation email
  - [ ] User sets up password
  - [ ] User completes profile information

2. Training

  - [ ] Review FigoRisk overview
  - [ ] Module-specific training (based on role)
  - [ ] Practice creating/editing records

3. Access Verification

  - [ ] Test login credentials
  - [ ] Verify module access
  - [ ] Check notification settings

4. First Tasks

  - [ ] Review assigned risks/tasks
  - [ ] Join relevant groups/teams
  - [ ] Set up dashboard preferences

Common User Management Tasks

  1. Create user account with appropriate role
  2. Assign to department and manager
  3. Send invitation email
  4. Schedule training session
  5. Assign initial tasks/responsibilities

  1. Update user’s department
  2. Reassign pending tasks to new team
  3. Update group memberships
  4. Notify user of changes

  1. Update user role (e.g., Maker → Checker)
  2. Adjust module permissions if needed
  3. Update group memberships
  4. Notify user of new responsibilities

  1. Deactivate user account
  2. Reassign active tasks to others
  3. Transfer ownership of records
  4. Archive user data (keep for audit trail)
  5. Remove from all groups
  6. Document offboarding date and reason

Troubleshooting

Check:
  1. Spam/junk folder
  2. Email address is correct
  3. Organization email server isn’t blocking
Solution:
  • Resend invitation from user profile
  • Or manually share login credentials

Possible causes:
  1. Account is deactivated
  2. Too many failed attempts (locked)
  3. Incorrect credentials
  4. Password expired
Solution:
  • Check account status
  • Unlock account if locked
  • Reset password

Check:
  1. User role has permission
  2. Module is enabled for user
  3. User is in correct group
Solution:
  • Update role or permissions
  • Enable module access in user profile

Solution:
  • Admin: Go to Settings → Security
  • Increase session timeout duration
  • Apply changes (affects all users)

Best Practices

User Management Best Practices

Security:
  • Review user access quarterly
  • Remove inactive users promptly
  • Use principle of least privilege
  • Enable multi-factor authentication (MFA) when available

Organization:
  • Create clear naming conventions
  • Use groups for permission management
  • Document role definitions
  • Maintain updated contact information

Compliance:
  • Keep audit logs for required period
  • Review access logs monthly
  • Document user access changes
  • Regular access certification reviews
