Overview π₯
Liongard has modernized its user permissions and access management model to simplify administration, improve security, and provide more granular control over environment access.
This update consolidates legacy permissions into five clearly defined roles and introduces Environment Groups as the primary mechanism for scoping access.
This article explains:
The current user role model
How environment scoping works
How Environment Groups are used
What changed during the migration
Best practices for managing users going forward
Why This Change Was Introduced π€
The previous permissions model relied on multiple overlapping role types and environment assignments, which could become difficult to manage at scale.
The updated model was designed to:
β Reduce role complexity
π Improve security through least-privilege access
𧩠Simplify environment access using logical groupings
βοΈ Make ongoing user maintenance easier and safer
Liongard User Permission Roles π
Liongard roles define what actions a user can perform, while environment scope defines where those actions apply.
π Environment Scope Types
Scope Type | Description |
Global | Access to all environments across the platform |
Configurable | Access limited to assigned environments or Environment Groups |
None | No environment access |
π§βπΌ Available User Roles
Role | Environment Scope | Capabilities |
Admin | Global |
|
System Integration | Global |
|
Manager | Configurable |
|
Reader | Configurable |
|
User Admin | None |
|
π Note
User Admins cannot access environments, inspectors, integrations, or metrics.
Environment Groups Explained π§βπ«
Environment Groups allow administrators to logically group environments and assign access at scale.
π Why Use Environment Groups?
Organize environments by customer, region, department, or team
Grant access to multiple environments at once
Reduce ongoing administrative overhead
π Common Use Case
A service desk team is segmented by territory.
Each team should only see customers in their assigned region.
Environment Groups make this possible without manual per-environment assignments.
Default Environment Groups π
Every Liongard instance includes two built-in groups:
Group Name | Description |
All Environments | Includes all environments, including your internal company |
All Managed Environments | Includes all customer environments, excluding your internal company |
Migration Impact for Existing Partners π
Liongard automatically migrated existing users to the new model. No action was required from partners during migration.
π Role Mapping During Migration
Previous Role | New Role | Notes |
Global Reader / Environment Reader | Reader | Scoped to previously assigned environments |
Global Environment Manager / Environment Manager | Manager | Scoped to previously assigned environments |
Global Admin | Admin | Assigned to All Environments |
Global Systems Integrator | System Integration | Assigned to All Environments |
User Administrator | User Admin | No change |
β οΈ Important
The migration did not create custom Environment Groups beyond the two defaults.
How to Add a User in Liongard π§
Navigate to Admin β Access Management β Users
Select Add User
Complete the required fields:
First Name
Last Name
Username
Email Address
Department
(Optional) Enable Technical Update Emails
Configure Multi-Factor Authentication (MFA) (recommended)
Assign one or more Roles
Assign Environments or Environment Groups (for Manager and Reader roles)
Click Save
π§ The user will receive an invitation email from roarbot@liongard.com.
Enforcing Global Multi-Factor Authentication (MFA) π
To enforce MFA for all users:
Click your username
Navigate to Company Settings β Security
Enable Multi-Factor Authentication
β MFA is strongly recommended for all Liongard accounts.
Individual User Maintenance π¨βπ§
From Admin β Access Management β Users, select a user to manage:
Action | Description |
Force Logout | Immediately signs the user out |
Reset Password | Sends password reset |
Reset MFA | Prompts user to reconfigure MFA |
Disable Account | Temporarily blocks access |
Delete User | Permanently removes account |
Bulk User Maintenance π₯
Administrators can perform actions on multiple users at once:
Activate or deactivate users
Reset passwords
Force logout
Reset MFA
Delete accounts
π Available via the Users page using the bulk selector and Actions menu.
When to Contact Liongard Support π¦
Contact Liongard Support if:
Users cannot access expected environments after migration
Roles or permissions appear incorrect
MFA or login issues persist after reset
You need guidance on Environment Group design