Frequently Asked Questions
50+ vendor-focused questions across login, access, findings, risk, billing, notifications and integrations.
Login & Access
How do I log in?
Go to app.iefyx.com, enter your email and password, and complete the OTP if 2FA is enabled.
I forgot my password — what now?
Use "Forgot Password"; a single-use reset link is emailed and expires after a short window.
Why is my account locked?
Five failed login attempts lock the account for 15 minutes. Wait, or reset your password.
My session expired suddenly.
Sessions last 8 hours; you'll be asked to sign in again after that or after logging out.
I didn't get my login OTP.
Check spam, confirm your profile email, and use "Resend OTP".
How do I enable two-factor authentication?
Settings → Profile → enable Two-Factor Authentication.
Can I disable 2FA?
Yes, in Settings → Profile, but it is strongly discouraged.
Why can't I see the OEM portal?
Vendor accounts are restricted to the vendor portal by portal-isolation controls.
Why do I only have read access?
Either your role is Read Only, or your Free Trial expired and the account is read-only until a paid plan is activated.
Can multiple people use one login?
No — create individual users so audit logs stay accurate.
Customers & Applications
What's the difference between a customer and an application?
A customer is the client organization; an application is an asset of that customer you assess.
Why can't I add another customer/application?
You've hit your plan limit; upgrade or remove unused records.
How do I record compliance scope?
On the application, set the compliance scope (PCI-DSS, ISO 27001, SOC 2, HIPAA, GDPR or custom).
What if I delete a customer/application by mistake?
Deletes are soft (recoverable). Admins can restore; permanent delete is Admin-only.
Who can create applications?
Admin and Penetration Tester roles.
Can I upload a mobile app binary?
Yes — the application record stores the uploaded .apk/.ipa path for mobile assessments.
Vulnerability Management
How is severity decided?
If you supply a CVSS score, severity is auto-derived (and re-derived on edit).
What severities exist?
Critical, High, Medium, Low and Information.
What statuses can a finding have?
Open, In Progress, Fixed, Closed and Hold.
How do I attach evidence?
Use the Attachments section, or embed screenshots in the PoC/Impact editor.
Why was my file upload rejected?
Uploads are validated by magic bytes and size — use an allowed file type within limits.
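How a magic-byte and size check of this kind behaves, as an added Python example that is not the platform's own code. The allowed types, the 10 MiB cap and the function names are assumptions.

```python
import os

# Assumed limit and allowed types; the platform's real values are not published here.
MAX_BYTES = 10 * 1024 * 1024

# Leading "magic" bytes for each assumed-allowed type.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",  # .apk and .ipa files are ZIP containers
}

# File extensions that are consistent with each detected type.
EXTENSIONS = {
    "png": {".png"},
    "jpeg": {".jpg", ".jpeg"},
    "pdf": {".pdf"},
    "zip": {".zip", ".apk", ".ipa"},
}


def sniff_type(data: bytes):
    """Return the type named by the file's leading bytes, or None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def validate_upload(filename: str, data: bytes):
    """Return (accepted, detail): detail is the detected type or the reject reason."""
    if not data:
        return False, "empty file"
    if len(data) > MAX_BYTES:
        return False, "file exceeds size limit"
    detected = sniff_type(data)
    if detected is None:
        # The extension is never trusted on its own: content decides.
        return False, "content does not match an allowed type"
    ext = os.path.splitext(filename.lower())[1]
    if ext not in EXTENSIONS[detected]:
        return False, f"extension {ext or '(none)'} does not match {detected} content"
    return True, detected
```

A file renamed to an allowed extension is still rejected, because the decision is made on the content's leading bytes rather than on the name.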
How do I bulk-import findings?
Download the import template, fill it, and use Bulk Import; check Upload History and the error report for rejects.
Can I import directly from a scanner?
Yes — connect the scanner, trigger a scan, and import findings.
What is the dedup fingerprint?
A signature used to detect repeat findings so you don't create duplicates.
How do I retest a finding?
Use the retest workflow (Requested → In Progress → Passed/Failed) on the finding.
Can I add CWE/OWASP/MITRE data?
Yes — these classification fields are on every finding.
Risk Management
How are SLA deadlines set?
From your Risk Configuration's per-severity SLA days (defaults: 1/7/30/90).
What does SLA "Breached" mean?
The remediation deadline passed without closure; breaches appear in the SLA-breach list.
How is the risk score computed?
Auto-computed (0–100) from your Risk Configuration (method, scales, control weight).
How do I accept a risk?
Move the finding to Hold/Closed with a justification, following your approval governance.
Can I change SLA windows?
Yes — Admins edit them in Risk Configuration.
Reporting & Certificates
Which formats can I generate?
PDF and HTML reports.
Why did report generation fail?
Ensure the application has findings and required fields, and that you're within your monthly report limit.
Can I use my own report template?
Yes — upload a custom template and set it as default (custom-templates entitlement).
What report statuses are there?
Draft, Review, Initial, Retest and Final.
How do I issue a certificate?
Certificates → create for the application and generate from a template.
Who can generate reports?
Admin and Penetration Tester roles.
Subscription & Billing
What plans are available?
Free Trial, Starter (₹4,999), Professional (₹14,999) and Enterprise (₹49,999) per month.
What happens when my trial ends?
The account becomes read-only until you activate a paid plan; data is preserved.
How do I pay?
Via Razorpay checkout from the Billing screen.
My payment isn't reflected yet.
Confirmation may arrive via webhook shortly; if not, re-verify from Billing or contact support.
Do you issue GST invoices?
Yes — India-compliant invoices with CGST/SGST or IGST, downloadable as PDF.
Where do I see usage vs limits?
Settings → Billing shows usage against each plan limit.
Can I upgrade mid-cycle?
Yes — Admins can move to a higher plan from Billing.
Why was a create action blocked?
You reached a plan limit (users, customers, applications, etc.).
Notifications
Where are my alerts?
The in-app Notifications center, with an unread badge.
Can I get email alerts?
Yes — email is used for OTP, password reset and account/payment events.
How do I stop notifications?
Toggle notifications off in your profile.
Can I be alerted on SLA breach?
Yes — enable breach alerts/escalation in Risk Configuration.
Integrations & API
Which scanners are supported?
ZAP, OpenVAS, Nessus, Burp, Nuclei, Nikto, Nmap, plus a custom connector.
Do you integrate with Jira?
Yes — push and sync findings to Jira.
Is ServiceNow supported?
Not as a native adapter today; use the custom connector or API.
Do you support Slack/Teams?
Yes, as notification integrations.
Are AWS/Azure/GCP integrations available?
Not in this build.
How do I use the REST API?
Authenticate with a Bearer JWT or an Admin-created API key (apiAccess entitlement).
Why does Test Connection fail?
Check the base URL, credentials and network reachability; the platform also blocks unsafe internal URLs.
Why can't I create an integration?
Integrations require the integrations entitlement (Professional/Enterprise) and Admin role.