Migration assistant for restrictive groups to projects

Manual migration relies on the Migration Assistant available from the Projects page.

It consists of several steps:

  1. Create your projects: Create projects corresponding to restrictive groups.

  2. Organize your assets: Identify assets whose accessibility is restricted by one or more restrictive groups.
    In this step, Cyberwatch will automatically add to the relevant assets the projects corresponding to their restrictive groups.
    If an asset belongs to multiple permission groups, a manual decision will be required to resolve the ambiguity.

  3. Register your agents into projects: Assign a project to the API keys used for agent installation.
    This ensures that new agents registering with these API keys are placed inside a project.

  4. Assign projects to your discoveries: Assign a project to discoveries that have groups affecting permissions of discovered assets.
    This defines which project the discovered assets will be registered in.
    Already registered assets will not be affected, and groups will remain supported without impacting permissions.

  5. Adjust your assets rules: List all asset rules where groups are used to automatically modify asset parameters.
    These parameters may use groups to restrict access to assets, it is best to define the project when creating assets and avoid changing it later.
    Additionally, filters on migrated groups must now refer to the corresponding projects.

  6. Configure your authentication providers: SAML and OpenID Connect identity providers can supply an attribute used to assign groups to users.
    This section indicates whether configurations need to be modified to migrate groups to projects.
    If changes are required, configure the project attribute to reproduce the current behavior with projects.

  7. Migrate your users: Use the button to associate users whose groups have been migrated to projects with the corresponding projects.
    Groups will remain associated but will no longer impact asset visibility.

  8. Adjust your queries: List users using search filters on groups that have been migrated to projects.
    These filters may appear in exports or scheduled alerts.
    A button is available to migrate unambiguous queries for groups that have projects with the same name, so they filter by projects instead of groups.

  9. Remove the redundant groups: Display the list of groups migrated to projects and now redundant.
    Once all migration steps are completed and these groups are no longer used in Cyberwatch or external tools, you can use the button to delete these groups, now replaced by newly created projects.

Cyberwatch Support remains available to assist you in migrating your groups to projects.

Back to top