Administrator Guide
For vendor Admins — manage users, roles, risk configuration, billing, integrations, API keys and audit logs.
Who is this for? The Admin role is the only role that can manage users, organisation settings, billing, integrations, API keys, audit logs, and perform delete/restore/permanent-delete.
1. Users & Roles

- Create/edit/deactivate users (subject to the plan's users limit).
- Assign one of six roles — Admin, Penetration Tester, CXO, Developer, Network Engineer, Read Only — and an Internal/External scope.

| Capability | Admin | Penetration Tester | Other roles |
|---|---|---|---|
| View modules | ✅ | ✅ | ✅ |
| Create/edit business records | ✅ | ✅ | ❌ |
| Scans / Jira push | ✅ | ✅ | ❌ |
| Delete / restore | ✅ | ❌ | ❌ |
| Users, settings, billing, integrations, API keys, audit logs | ✅ | ❌ | ❌ |

Least privilege. Grant Admin sparingly. Use Penetration Tester for assessment work and Read Only / CXO for stakeholders who only consume data.
2. Organisation Settings
Settings → Organization manages governance and security controls for the tenant (Admin-only writes).
3. Risk Configuration

Tune SLA windows (defaults: Critical 1d, High 7d, Medium 30d, Low 90d), risk appetite, calculation method, control weight, escalation/breach alerts, review cadence and approval requirements.
4. Billing & Entitlements

- Monitor usage vs plan limits and feature entitlements.
- Pay/upgrade via Razorpay; download GST invoices (CGST/SGST or IGST).
- Act before a Free Trial expires to avoid the read-only transition.

| Plan | ₹/mo | Users | Customers | Applications |
|---|---|---|---|---|
| Free Trial | 0 (7d) | ∞ | ∞ | ∞ |
| Starter | 4,999 | 5 | 10 | 10 |
| Professional | 14,999 | 25 | 50 | 100 |
| Enterprise | 49,999 | ∞ | ∞ | ∞ |
5. Integrations & API Keys

- Create scanner/Jira/Slack/Teams integrations; always Test Connection before saving.
- Create and revoke API keys (requires the apiAccess entitlement — Professional/Enterprise).

Configuration steps are in the Integration Guide.
6. Audit Logs

Review the full activity trail for security investigations and compliance evidence (e.g. record creation/updates/deletes, status changes, Jira pushes).
7. Security Operations Checklist

- Enable 2FA for all users; enforce least-privilege roles.
- Rotate API keys regularly; revoke unused integrations.
- Deactivate departed users immediately.
- Review audit logs and SLA-breach lists on a fixed cadence.