Organization Settings

Organization Settings is a consolidated hub for configuring account-level preferences. This page provides an overview of each section; detailed walkthroughs are linked below.


Settings Navigation

Access organization settings via Settings (top-right avatar menu) → select one of the sections below.


Client / Company Profile

Overview: Configure your organization's name, industry, and contact information.

Contains:

  • Organization name
  • Website / industry classification
  • Team email addresses
  • Audit log access (Scale plan and above)
  • Invoice recipients

Details: See Organization: Client


Platform Configuration

Overview: Control how Plexicus behaves for your organization.

Contains:

  • Scan Schedule — Choose automatic scan frequency (None, Weekly, Monthly)
  • Autonomous Scanning — Auto-scan new repositories immediately upon creation
  • Fix Verification — Enable test-driven fix validation (Scale plan and above)
  • Deep AI Enrichment — Toggle high-confidence AI analysis (Enterprise only)
  • Remediation Language — Set the language for AI-generated fixes and summaries
  • Notifications — Quiet hours, email digest frequency, Slack notification rules

When to use:

  • Enable Autonomous Scanning to stay ahead of new vulnerabilities automatically
  • Toggle Fix Verification when you need confidence that generated fixes actually work
  • Adjust Remediation Language if your team prefers code comments/documentation in a non-English language

Language & Localization

Overview: Set the UI language for all users in your organization (individual users can override).

Contains:

  • UI language selector (English, Spanish, others)
  • Timezone for audit logs and reports
  • Date/time format preferences

OpenAI / BYO-AI Configuration

Overview: Connect your own AI provider (OpenAI, Azure OpenAI) for custom remediation and validation.

Contains:

  • Remediator connection — AI service used to generate fixes
    • OpenAI (standard API)
    • Azure OpenAI (government/VPC deployments)
    • OpenAI-compatible (DeepInfra, DeepSeek, etc.)
  • Validation connection — Separate AI service for finding validation & false positive detection
  • Connection test button to verify credentials before saving
  • SSRF protection for Azure URLs

When to use:

  • Use your own OpenAI keys when you want to bring API quotas or manage billing directly
  • Connect Azure OpenAI if your organization requires VPC-isolated AI or government compliance
  • Set separate validation + remediation providers for workload isolation

Details: Detailed setup instructions are in Organization: Client under "OpenAI Connection."


Plexalyzer Token

Overview: Generate and manage the legacy connector token used by the Plexalyzer workflow automation service.

Contains:

  • Token generation (one-time reveal)
  • Token revocation
  • Token expiration policy
  • Usage logs (which scripts/automations used this token)

When to use:

  • Generate a token if you're automating findings retrieval or remediation via your own scripts
  • Revoke tokens if you suspect they're compromised or no longer needed
  • Rotate tokens annually as a security best practice

Info

The Plexalyzer token is separate from personal API tokens. Use Plexalyzer tokens for automation; use personal API tokens for CLI/MCP access.


Authentication & SSO

Overview: Set up single sign-on (SAML 2.0 or OIDC) and manage passkeys.

Contains:

  • SSO provider configuration (IdP metadata, entity ID, SSO/SLO URLs)
  • Enforcement mode (Coexist / SSO Preferred / SSO Enforced)
  • Certificate rotation and secret management
  • Passkey setup (passwordless login)
  • 2FA configuration (TOTP, security keys)

Details:


Team Management

Overview: Invite team members, assign roles, and manage permissions.

Contains:

  • Team member list (email, role, status)
  • Invite new members (set role at invitation time)
  • Revoke member access
  • Change member roles (Developer ↔ Cyberoper ↔ Admin)

Roles:

  • Developer — Read-only access to findings; cannot modify settings
  • Cyberoper (Cyber Operator) — Can triage findings, assign to developers, modify compliance mappings
  • Admin — Full access including team management, SSO configuration, payment settings
  • Superadmin — Internal Plexicus use only

Details: See Organization: Client for detailed team management walkthrough.


Roles & RBAC (Scale plan and above)

Overview: Create custom roles and refine permissions beyond the built-in Developer/Cyberoper/Admin roles.

Contains:

  • Built-in role list (Developer, Cyberoper, Admin)
  • Custom role creation (name, permission matrix)
  • Permission scopes (CREATE_REPOSITORY, UPDATE_FINDING, etc.)
  • Role assignment to team members

When to use:

  • Create a "Security Lead" role that can view all findings and reports but cannot delete repositories
  • Create a "Scanner Admin" role limited to managing scanner configuration and testing
  • Implement least-privilege access control for compliance audits (SOC 2, ISO 27001, etc.)

Details: See Organization: Roles & RBAC for complete custom role setup.


Audit Log (Scale plan and above)

Overview: Review all user and system actions for compliance and security investigations.

Contains:

  • Searchable audit log (who, what, when, where)
  • Filters by action type, user, timestamp, affected resource
  • Integrity verification (tamper-proof hash chain)
  • Log export (CSV/JSON for SIEM ingestion)

Logged events:

  • Team member add/remove
  • Role changes
  • Finding status changes (Triage, FP, Mitigated)
  • Settings changes (SSO config, API token rotation)
  • Payment/subscription changes
  • Scan schedule updates

Details: See Organization: Audit Log for full audit log guide and integrity verification.


API Tokens (Developer Access)

Overview: Create and manage personal API tokens for programmatic access to Plexicus.

Contains:

  • Token generation (set expiry: 30 days, 90 days, or never)
  • Token list (with creation date, last used)
  • Token revocation
  • Token scopes (read-only, write, admin)

Use cases:

  • Generate a token to access the Plexicus API from a CI/CD pipeline
  • Create an MCP server token for IDE integration (Claude Code, Cursor, VS Code)
  • Issue expiring tokens to contractors or third-party tools

Details: Detailed walkthrough in Settings: API Tokens.

Info

One-time reveal: After token creation, the token is shown only once. Store it securely (e.g., in your CI/CD secrets manager). You cannot retrieve it later; revoke and regenerate if needed.


Account Preferences

Overview: Manage your personal account settings (password, email, language, account deletion).

Contains:

  • Change password
  • Email address
  • Preferred UI language (overrides organization default)
  • Download personal data (GDPR data subject access)
  • Delete account

Details: See Settings: Change Password.

Warning

Deleting your account removes you from the organization but does not delete your organization or findings. Only a superadmin can delete an entire organization.


Notifications & Alerts

Overview: Control how Plexicus alerts you to important events.

Contains:

  • Email digest frequency (immediate, daily, weekly)
  • Quiet hours (do not send emails between X and Y)
  • Alert types (finding assigned, batch complete, quota warning, etc.)
  • Slack integration (channel webhooks for real-time alerts)
  • SMS notifications (Enterprise only, for critical security alerts)

When to use:

  • Disable email for findings not assigned to you (reduce noise)
  • Set Slack alerts for high-severity findings (real-time response)
  • Enable quota warnings at 75% and 90% usage (to avoid surprises at 100%)

Connected Integrations

Overview: View and manage all active integrations (SCM, Jira, ServiceNow, etc.).

Contains:

  • SCM connection status (GitHub/GitLab/Bitbucket authorization)
  • Ticketing tool status (Jira/ServiceNow API tokens)
  • Registry connections (Docker Hub, ECR, GCR, etc.)
  • Cloud provider connections (AWS, Azure, GCP, OCI)
  • Slack/Teams webhook status
  • Refresh or revoke tokens

When to use:

  • Disconnect an SCM provider to stop scanning certain repositories
  • Rotate API keys or OAuth tokens for security
  • Test connectivity to a newly added integration

Billing & Subscription (Admin/Superadmin only)

Overview: Manage payment methods, invoices, and subscription status.

Details: See Billing & Payments for complete payment setup and subscription management.


Summary & Quick Access

Section             Purpose                             Plan Minimum   User Role
Client              Organization profile                Free           Admin
Platform            Scan scheduling, autonomous mode    Free           Admin
Language            UI/notification language            Free           Any
OpenAI              BYO-AI configuration                Free           Admin
Plexalyzer Token    Legacy automation token             Free           Admin
Authentication      SSO, Passkeys, 2FA                  Free           Admin
Team                Invite members, assign roles        Free           Admin
Roles & RBAC        Custom permission sets              Scale          Admin
Audit Log           Compliance audit trail              Scale          Admin
API Tokens          Programmatic access                 Free           Any
Account             Personal settings, password         Free           Any
Notifications       Email/Slack alerts                  Free           Any
Integrations        SCM, Jira, Cloud, Registry          Free           Admin
Billing             Payments, invoices, subscription    Free           Admin