Role-Based Access Control

Maximum flexibility with granular control

Enable everyone on your global team — from development and security executives to developers, auditors and third-party vendors — to easily and securely collaborate with each other from development to production.

Role-based access control enables users from different organizations to upload and scan binaries, scan web applications, and view results and metrics via our cloud-based platform. 

Users are assigned to specific roles with pre-defined permissions; eleven distinct roles are defined in total. For example:

  • Policy Administrators can edit policies and notification rules.

  • Submitters can submit scans and review results for their respective teams.

  • Security Leads can access analytics and flaw details for all applications.

  • Mitigation Approvers can approve mitigations for flaws.

  • Executives can view analytics dashboards for all their applications.

Integrates with IAM and SSO systems

  • SAML support: We support single sign-on (SSO) via the SAML 2.0 standard. SAML (the Security Assertion Markup Language) is an open standard for performing single sign-on across security domains, for instance from your enterprise to our cloud-based service.

  • Two-factor authentication: For highly secure environments, you can implement two-factor authentication via a secure token. This is a physical object that generates a constantly changing random number, providing additional proof of your identity alongside your username and password.