Sign-up and login authentication | Fluid Attacks Help

Sign-up and login authentication

Sign-up

To sign up for the platform, go to app.fluidattacks.com/SignUp and follow the instructions (see Sign up to Fluid Attacks for a description).

You can sign up only with a valid Google, Azure or Bitbucket corporate account and must provide a Git repository to test (if you choose to import repositories using Open Authorization, make sure you have enabled third-party application access, e.g., in Azure DevOps).

All Essential plan features are free for 21 days. During the free trial or after it ends, you can subscribe to a paid plan.

Login authentication

Fluid Attacks' platform does not support the creation of users and credentials. Instead, for stronger security, it delegates authentication to your trusted providers: Microsoft, Google, and Atlassian. Any necessary permissions for authentication are therefore managed within your configuration settings with those providers.

To log in to Fluid Attacks' platform, go to app.fluidattacks.comThere, you will be prompted to continue with your corporate account and then enter a one-time password (OTP). This allows Fluid Attacks to strengthen the security of the authentication process, as it helps prevent unauthorized access.

Enter the OTP sent to email to log in to the Fluid Attacks platform

When entering the OTP, you can check the box  available to indicate that you trust the device from which you intend to log in to the platform and do not wish to enter an OTP while accessing the platform with that device for the next 180 days. Read Manage your trusted devices to better understand this option and learn where to remove registered devices.

The OTP is sent to your email by default, but you can change where you want to receive it. Click on Try another way to see the WhatsApp and SMS options.

Change where to receive OTP to sign in to the Fluid Attacks platform

You must previously register your mobile phone number on the platform for these alternatives to work.

Grant permission to Fluid Attacks for authentication

As mentioned above, authentication to the Fluid Attacks platform is made possible by your corporate account provider. In some cases, the domain administrator must consent to it. Microsoft users specially may face this extra step. To learn how to grant this permission, read the official Microsoft page,  Grant tenant-wide admin consent to an application.