Using an internal sub-account to separately manage your MSP organization's data and detections

Overview

As an MSP with an NFR account, you can use Blumira’s SIEM features for your own organization’s security practices while also managing your customers’ Blumira implementations. When Blumira creates your NFR account, it is considered the top-level parent account from which you can manage your own deployment and the deployment for each of your customers.

Some MSPs have internal controls, separated helpdesk and IT teams, or data security reasons for which they need to limit access to their organization’s log data. Some of their staff members only need access to their customers’ Blumira accounts, which means their organization should not use the top-level NFR account for both customer management and internal use of Blumira.

Whether you must separate your internal logging and detections into a dedicated sub-account depends on how much visibility into event logs you want to give your organization’s users.

Important: All app users with access to an organization’s Blumira account can view and search log data and findings for that account. To fully restrict a user’s access to data, you must not add that user to the organization.

How to approach your account management

If you determine that you must limit internal access to your Blumira data, do not configure Cloud Connectors or sensors in the top-level parent account. Instead, use your parent account only for administration of users and sub-accounts, and create an internal sub-account dedicated to your organization’s use of Blumira’s SIEM features. 

To create and use your internal sub-account for detections:

  1. Email Blumira’s MSP Team at msp@blumira.com if you want to deploy your internal use licensing on a sub-account so that we can note your account properly and exclude it from sub-account billing. 
  2. Create your sub-account in the MSP Portal and identify it as CompanyName - Internal Use, where “CompanyName” matches the name of the organization in your NFR account.
    Reference: Read Adding and updating customer accounts in MSP Portal for full instructions.
  3. Add the users that need to have access to your internal-use sub-account and assign them Administrator role access in MSP Portal > Users. These users automatically get access to all your newly added sub-accounts, including your internal-use account.
  4. Navigate from the MSP Portal to the “CompanyName - Internal Use” account and verify that you see the name displayed in the accounts box at the top of the screen.
  5. Using your newly created internal-use sub-account, configure the necessary log sources for your organization in Cloud Connectors and Sensors, as appropriate.

If you have not yet requested an NFR account and know you will need an internal sub-account, email msp@blumira.com and the MSP Team can set up both the top-level account and the internal sub-account for you from the start.

How roles impact NFR accounts

Administrators of an NFR account automatically get access to and administrator-level permissions for the MSP’s top-level account and all sub-accounts. Administrators are the only users with access to the MSP Portal, where they can add new users and new customer accounts. Administrators can optionally have the responder role as well if they need to respond to findings in the app.

A user that is granted administrator and responder roles in the MSP Portal is automatically added to all child accounts with both sets of permissions.

If a user is added as a Responder to the top-level account, the user gets responder-level permissions to the MSP account and can be individually assigned to specific child accounts.

Although other roles (Manager and Monitor) exist in Blumira, those are not compatible with user management in the MSP Portal and therefore cannot be used in top-level NFR accounts. Manager and Monitor can be assigned in sub-accounts.

Reference: See the capabilities of each role in About Blumira role for MSPs.
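
The following added example is a constructed model, not Blumira code or a Blumira API. It applies the role rules described above to a made-up roster and shows who can view internal log data when log sources live in the top-level account versus an internal-use sub-account. The account names, e-mail addresses and roster structure are assumptions.

```python
# Constructed model of the role rules on this page; not a Blumira API.
PORTAL_ROLES = {"Administrator", "Responder"}  # roles usable in the top-level NFR account
TOP = "Acme MSP"                                # constructed account names
INTERNAL = "Acme MSP - Internal Use"
SUB_ACCOUNTS = [INTERNAL, "Customer A", "Customer B"]

USERS = [  # constructed roster
    {"email": "secadmin@example.test", "top_roles": ["Administrator", "Responder"],
     "assigned": {}},
    {"email": "helpdesk1@example.test", "top_roles": ["Responder"],
     "assigned": {"Customer A": ["Responder"]}},
    {"email": "helpdesk2@example.test", "top_roles": ["Administrator"], "assigned": {}},
    {"email": "auditor@example.test", "top_roles": [],
     "assigned": {"Customer B": ["Monitor"]}},
]

def effective_access(user):
    """Map each account the user can open to the roles held there."""
    top = set(user["top_roles"])
    if top - PORTAL_ROLES:
        # Manager and Monitor cannot be used in the top-level NFR account.
        raise ValueError(f"{user['email']}: {sorted(top - PORTAL_ROLES)} not valid at top level")
    access = {TOP: set(top)} if top else {}
    if "Administrator" in top:
        # Administrators are added to every sub-account with their portal roles.
        for acct in SUB_ACCOUNTS:
            access[acct] = set(top)
    # Responders (and sub-account-only roles) reach child accounts by assignment.
    for acct, roles in user["assigned"].items():
        access.setdefault(acct, set()).update(roles)
    return access

def unexpected_viewers(log_account, allowed):
    """Users who can view log_account's data but are not in the allowed set."""
    return sorted(u["email"] for u in USERS
                  if log_account in effective_access(u) and u["email"] not in allowed)

if __name__ == "__main__":
    allowed = {"secadmin@example.test"}
    print("logs in top-level account:", unexpected_viewers(TOP, allowed))
    print("logs in internal sub-account:", unexpected_viewers(INTERNAL, allowed))
```

In this model, moving log sources to the internal sub-account removes the top-level Responder from the list, but any user holding the Administrator role still reaches the internal data.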