Account administration

Administrator account

Once Colander is deployed and running, the system administrator has to create a first account with administrative rights for both Colander and Threatr (each application keeps its own user table, so the account is created twice). To do so, run the following commands on the server hosting Colander; they reference the no-sso.yml Compose file, so adjust the -f argument if your deployment uses a different Compose file:

Create admin accounts
docker compose -f no-sso.yml run --rm colander-front python manage.py createsuperuser
docker compose -f no-sso.yml run --rm threatr-front python manage.py createsuperuser

These credentials have to be stored securely (for instance in a password manager) and must not be shared.

This first administrator account is required to create the other accounts.

Administration panel

Administrators manage Colander through its administration panel, which is served at a non-default path chosen at deployment time rather than at a predictable location. This path is defined in two separate files:

  • .envs/.production/.colander, the variable DJANGO_ADMIN_URL defines the location of the administration panel of Colander
  • .envs/.production/.threatr, the variable DJANGO_ADMIN_URL defines the location of the administration panel of Threatr

The administration panel of Colander is accessible at https://[colander domain]/[DJANGO_ADMIN_URL], and that of Threatr at https://[threatr domain]/[DJANGO_ADMIN_URL], each using the value from its own file. Keep these paths private, but do not treat them as an access control: they only reduce exposure to scanners, and the panel still requires a staff login.
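The following is an added example, not code from Colander or Threatr. It shows the weak setting (Django's usual default of admin/) beside a hardened one: it parses a dotenv-style file such as .envs/.production/.colander, flags a missing, default or short DJANGO_ADMIN_URL, and rewrites it with a value drawn from the OS CSPRNG. It assumes the env files are plain KEY=VALUE lines and that the value is a path fragment ending in "/", which is how the page interpolates it into https://[domain]/[DJANGO_ADMIN_URL]; the sample file contents are constructed.

```python
"""Check and harden DJANGO_ADMIN_URL in a dotenv-style file.

Added example for this page; it is not Colander or Threatr code. It assumes
the env files (.envs/.production/.colander and .threatr) are plain KEY=VALUE
lines and that DJANGO_ADMIN_URL holds a path fragment ending in "/".
"""
import re
import secrets
from typing import Optional

# Path segments a scanner would try first ("admin/" is Django's usual default).
WEAK_ADMIN_URLS = {"", "admin", "django-admin", "administrator"}
MIN_PATH_LEN = 16  # characters in the random segment; 16 hex chars = 64 bits

_KV = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_env(text: str) -> dict:
    """Parse dotenv lines into a dict, skipping blanks and # comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def admin_url_problem(text: str) -> Optional[str]:
    """Return None when DJANGO_ADMIN_URL is an unguessable path, otherwise the reason."""
    url = parse_env(text).get("DJANGO_ADMIN_URL")
    if url is None:
        return "DJANGO_ADMIN_URL is not set"
    segment = url.strip("/").lower()
    if segment in WEAK_ADMIN_URLS:
        return f"DJANGO_ADMIN_URL={url!r} is a guessable default"
    if len(segment) < MIN_PATH_LEN:
        return f"DJANGO_ADMIN_URL={url!r} is too short to resist path enumeration"
    if not url.endswith("/"):
        return f"DJANGO_ADMIN_URL={url!r} should end with '/'"
    return None


def new_admin_url(nbytes: int = 16) -> str:
    """A fresh random path segment from the OS CSPRNG, with the trailing slash."""
    return secrets.token_hex(nbytes) + "/"


def harden_env(text: str, url: Optional[str] = None) -> str:
    """Return the env text with DJANGO_ADMIN_URL replaced (or appended) by a strong value."""
    url = url or new_admin_url()
    line = f"DJANGO_ADMIN_URL={url}"
    pattern = re.compile(r"^\s*(?:export\s+)?DJANGO_ADMIN_URL\s*=.*$", re.MULTILINE)
    if pattern.search(text):
        return pattern.sub(lambda _: line, text, count=1)
    sep = "" if not text or text.endswith("\n") else "\n"
    return text + sep + line + "\n"


def admin_panel_url(domain: str, env_text: str) -> str:
    """Where the panel is served, built the way the documentation describes."""
    return f"https://{domain}/{parse_env(env_text)['DJANGO_ADMIN_URL']}"


# Constructed sample of a weak .envs/.production/.colander (not a real deployment).
WEAK_ENV = "# constructed sample\nDJANGO_SECRET_KEY=change-me\nDJANGO_ADMIN_URL=admin/\n"
# The same file with a fixed strong value (constructed; generate your own with new_admin_url()).
HARDENED_ENV = harden_env(WEAK_ENV, "9f1c7a2e4b8d6c3a5e0f2b4d6c8a1e3f/")

if __name__ == "__main__":
    for name, text in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, admin_url_problem(text) or "ok")
    print(admin_panel_url("colander.example.org", HARDENED_ENV))
```

Run the check against both env files, since Colander and Threatr each read their own DJANGO_ADMIN_URL; after changing the value, the containers have to be restarted for the new path to take effect.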

User accounts

Account creation

Currently, the only way for a new user to obtain an account is to ask an administrator to create it. The administrator uses the administration panel to add the new user.

Menu of the administration panel showing the entry for managing the accounts

The administrator then specifies a username and an initial password, which are shared with the user. Transmit them over a secure channel and have the user change the password once they are logged in.

Menu of the administration panel showing the user account creation form

To grant administrative rights to a user, an administrator selects the Active, Staff status and Superuser status options. Staff status only allows the user to log into the administration panel; Superuser status grants every permission, so assign it sparingly.

Menu of the administration panel showing the options to grant administrative rights

Instead of deleting an account, administrators can deactivate it by unchecking Active. The user can no longer log in, while the data attributed to them is preserved.

Raw passwords

Raw passwords are not stored (only salted hashes are), so there is no way for an administrator to see a user's password. If a user loses their password, it has to be reset.

Account verification

At their first login, a user has to set a primary email address by opening their profile (click the username at the top right of Colander, then Manage in the email address section) and go through the verification process.

A verified primary email address linked to the account is required to reset its password.

Password change

Once a verified email address is linked to the account, the user can log out, return to the login page and click Forgot your password?. An email describing the reset procedure is sent to the primary email address linked to the account.

Multi-factor authentication

Users can set up two-factor authentication from the 2FA section of their profile. Currently, Colander only supports TOTP (time-based one-time passwords, as generated by authenticator apps).

Overview of the form for setting up the 2-factor authentication
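To make concrete what the TOTP enrolment above relies on, here is an added example, not Colander's own 2FA implementation: the RFC 6238 algorithm an authenticator app runs, and the server-side check of a submitted code, including a clock-drift window and a replay guard. The page documents neither the library Colander uses nor its parameters, so the authenticator-app defaults (HMAC-SHA1, 6 digits, 30-second step) and a drift of one step are assumed. The secret used is the published RFC 6238 test vector, not a real key.

```python
"""RFC 6238 TOTP as generated by the authenticator app enrolled in Colander's
2FA section, and the check a server performs on the code a user enters.

Added example for this page, not Colander's own 2FA code. Assumed parameters
(not stated on the page): HMAC-SHA1, 6 digits, 30-second step, drift of 1 step.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

STEP = 30    # seconds per time step
DIGITS = 6
DRIFT = 1    # time steps of clock skew tolerated either side of "now"


def decode_base32_secret(shared_secret: str) -> bytes:
    """Turn the base32 secret shown at enrolment (often grouped, lowercase) into key bytes."""
    s = shared_secret.replace(" ", "").replace("-", "").upper()
    s += "=" * (-len(s) % 8)  # restore the padding that enrolment QR codes omit
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(key: bytes, at: Optional[int] = None, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    at = int(time.time()) if at is None else at
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, code: str, at: Optional[int] = None,
                last_counter: Optional[int] = None,
                drift: int = DRIFT) -> Tuple[bool, Optional[int]]:
    """Check a submitted code within the drift window.

    Returns (accepted, counter). The caller stores the returned counter as
    last_counter for that user so the same code cannot be replayed; the
    comparison is constant-time so timing does not leak matching digits.
    """
    at = int(time.time()) if at is None else at
    code = code.replace(" ", "")
    if not code.isdigit() or len(code) != DIGITS:
        return False, None
    now = at // STEP
    for counter in range(now - drift, now + drift + 1):
        if last_counter is not None and counter <= last_counter:
            continue  # already consumed: a replayed or stale code
        if hmac.compare_digest(hotp(key, counter), code):
            return True, counter
    return False, None


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890") in base32, written
# the way an authenticator app would display it. Published test vector, not a real key.
TEST_SECRET_B32 = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
TEST_KEY = decode_base32_secret(TEST_SECRET_B32)

if __name__ == "__main__":
    print(totp(TEST_KEY, at=59))                                  # RFC vector: 287082
    print(verify_totp(TEST_KEY, "287082", at=89))                 # accepted via the drift window
    print(verify_totp(TEST_KEY, "287082", at=59, last_counter=1)) # replay rejected
```

Two practical consequences follow from the algorithm: the server's clock must be synchronised (NTP) or every code falls outside the window, and a code stays valid for the whole drift window, so the replay guard (remembering the last accepted counter per user) is what stops a code intercepted from a user's screen from being reused within that window.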