Adding users and user groups for protection

Coro protects users in an organization in the following ways:

  • Coro generates tickets for all users, both protected and protectable . These tickets are recorded in the Ticket Log .
  • The Actionboard displays activity exclusively for protected users.
  • Tickets involving protected users are either automatically resolved by the system or can be addressed by an admin user with sufficient permissions.
  • If a ticket involves both protected and protectable users, action is taken only for the protected users. For example, if a phishing email is sent to Bob (protected) and Alice (protectable), Coro moves the email to the designated Suspected folder for Bob, but not for Alice.
  • Users can be added for protection by an admin user with sufficient permissions at any time.

To view your protected users and groups, visit the Protected users page.

  1. Sign into the Coro console , select Control Panel to access the Control Panel , then select Users :

    Selecting Users from the Control Panel

  2. The Protected Users page provides a complete list of your protected users, protected user groups, and exclusions:

    The Protected Users page

    Use the Protected users page to view, add, remove, and exclude protected users and user groups, or to remove a user from an exclusion.

The Protected Users indicator shows all users added to Coro, either individually or through a group. This total includes both protected users and those excluded from protection (shown in brackets):

The Protected Users indicator

Navigate between views using the following tabs:

Protected users tab

View your protected users here:

Protected users tab

Each user is listed by email address, along with details of how and when they were added, the cloud applications they are connected to, and their status.

Users can be:

  • Added individually (labeled Added individually )
  • Part of a group (with the group name displayed)
  • A named admin (indicated as admin )
  • A combination: for example, Added individually + 1 group , where a user added individually might also belong to a group. If the user's email address has + n next to it, selecting the n shows the user's aliases.

Where a user is connected through more than one protected application, select the dropdown next to a user's entry to view the status for each application separately:

Expanded protected user

The user's status is Active or Inactive.

A new user has a status of Inactive until they have signed in to their account. A user becomes Inactive if they have not been actively using their cloud application account for 30 days.

An Inactive user becomes Active when they next sign in or if they perform 35 activities within three days. Examples of an activity include downloading files, deleting files, signing in, and adding someone as an admin.

When a user is disconnected from a cloud application, they are unprotected and have a status of Inactive. When a user reconnects to a cloud application, they are considered protected, and their status becomes Active. If you remove a user from exclusion, their status becomes Active.

Select the three-dot menu to view the following options for each user:

Protected users menu options

Filtering

Enter the first character(s) of their email address in Search to locate a user:

Protected users menu options

The search matches leading characters, and does not match searches on domain names.

Refine the search by using filters:

  • Protected apps : Filters the Protected Users list by the selected protected cloud application(s).
  • Status : Filters the Protected Users list by status.
  • Joined via : Filters the Protected Users list by application.
note

If you select more than one cloud application for a filter, the list shows users who match any of the selected cloud applications.

Select Clear all to remove all of the applied filters:

Protected users clear filters

Protected Groups tab

View your protected groups here:

Protected groups tab

When you connect an application such as Microsoft 365 or Google Workspace to your Coro Workspace, you give Coro permission to access user information in that application. This can include defined user groups.

Coro offers an option to protect all users within a designated group. If selected, the group is listed on this tab, and its members appear under the Protected Users tab.

Select the three-dot menu to view options for each group:

Protected groups menu options

Exclusions tab

View your users excluded from protection here:

Exclusions tab

To add protection for a large user group while excluding specific members, use the Exclusions tab. This approach prevents the need to add group members individually, avoiding blanket protection on the entire group.

To exclude a protected user:

  1. Select + ADD EXCLUSIONS .

    The Add individual users to exclusion list dialog appears:

    Add exclusion dialog

  2. Specify one or more email addresses for the users you want to exclude. Press TAB after each address to allow Coro to validate it.
  3. Select ADD USERS to confirm.
note

You cannot exclude Admin users from protection. If you specify an Admin user email, the user account shows as crossed-out in the Exceptions tab with the message Admin not excluded.

The Exclusions tab now lists your excluded users.

Adding users to protection

Users can be added to protection individually, in groups, or by uploading a comma-separated value (CSV) file of user details.

Adding individual users

To add users individually:

  1. On the Protected Users tab, select ADD USERS .
  2. In the menu, select Add Specific Users :

    Add users menu

    The Add users to Coro protection dialog appears:

    Add users dialog

  3. Enter the email addresses of users you want to protect.
  4. Select ADD USERS to confirm.

Adding groups of users

To add a group of users:

  1. On the Protected Groups tab, select ADD GROUPS .
  2. In the menu, select Add Specific Groups :

    Add groups menu

    The Add groups to Coro protection dialog appears:

    Add groups dialog

  3. Enter the names of the user groups you want to protect. Coro attempts to auto-complete group names as you type.
  4. Select ADD GROUPS to confirm.

The Protected Groups tab displays the added groups, while the Protected Users tab shows individual members of the group.

note

The ADD GROUPS menu also contains a link to Add Protection to All Users. For more information about this option, see Adding protection to all users in a connected cloud application.

Adding users for protection by importing a CSV file

Coro can add users for protection through an imported comma-separated (CSV) file containing a list of user email addresses.

note

To avoid validation issues, Coro provides a downloadable template file linked from the Upload a CSV file dialog.

When creating a CSV file, consider the following:

  • Each email address is specified on a separate line.
  • The first column of the CSV file must contain the valid email addresses of all users to be added to Coro protection. Additional columns and invalid entries are ignored.
  • The maximum CSV file size is 5 MB.
  • A maximum of 100,000 records are permitted.

To import users from a CSV file:

  1. On the Protected Users tab, select ADD USERS .
  2. In the menu, select Import from CSV :

    Import a users CSV file

    The Upload a CSV file dialog appears:

    Upload a CSV file dialog

  3. Select the Upload a CSV file area and locate the required CSV file in the file browser. Alternatively, drag and drop a CSV file into the dialog.

    The uploaded CSV file is displayed in the dialog:

    An Uploaded CSV file

  4. Select ADD USERS .

    Coro displays a confirmation dialog to show that the import is in progress:

    Import in progress message

  5. To acknowledge and complete the process, select GOT IT .

After the import completes, Coro shows a confirmation in the Console and logs the import details in the Activity Log:

Activity Log entry

Adding protection to all users in a connected cloud application

Coro can add protection to all users identified through a connected cloud application in one action.

To apply protection to all users:

  1. On the Protected Users tab, select ADD USERS .
  2. Select Add Protection to all Users :

    Add users menu

    The Add protection to all users dialog appears, showing the cloud applications you have connected to your Coro Workspace:

    Select cloud application dialog

  3. Choose one of the connected cloud appications.

    Coro presents a confirmation dialog:

    Add all users for M365

  4. To complete the process, select ADD PROTECTION .

Removing users from protection

Users can be removed from protection in one of the following ways:

  • Individually or in groups from the Protected Users page.
  • Automatically, when a user who is removed from a protected group is not a member of any other protected group.
note

A user can be removed from protection individually ONLY if there is no protected group to which the user belongs.

When a group is removed from protection, a user that belongs to the group is removed from protection only if:

  • There are no other protected groups that the user belongs to.
  • The user has not been added to protection individually.

When a user is removed from a protected group, the user becomes unprotected only if:

  • There is no other protected group that the user belongs to.
  • The user has not been added to protection individually.

Removing an individual user

To remove a user from protection:

  1. Access the Protected users tab.
  2. Locate the user's email address in the list.
  3. Select the three-dot menu, then select Remove user :

    Protected users menu remove option

  4. Confirm YES, REMOVE .

The user is removed from protection based on the rules outlined earlier in this section.

Removing a user group

To remove a user group from protection:

  1. Access the Protected groups tab.
  2. Locate the required user group in the list.
  3. Select the three-dot menu, then select Remove group :

    Protected groups menu remove option

  4. Confirm YES, DELETE .

The group is deleted and removed from protection based on the rules outlined earlier in this section.

Export CSV

To save the Protected Users list to a CSV file, select Export CSV. Coro presents a message confirming that the export to CSV file is in progress and that it will be available at the Activity Logs page later.

The CSV file has the following fields:

  • Email
  • Alias
  • IsAdmin
  • CloudApplication
  • JoinedVia (as admin, individually, or via a group)
  • Group
  • ProtectionDate