1 of 7

Users, Roles and Permissions

User Account

Overview

As a CodeScan user, you have your own space where you can see the things that are relevant to you. View your personal space under the My Account page.

Profile

It gives you a summary of your:

Login
Email Address
Groups
SCM accounts

Security

Manage your own authentication tokens in this section. You can create as many tokens as you want. Once a Token is created, you can use it to perform analysis on a project where you have Execute Analysis permission.

Notifications

Email notifications are managed here. It is possible to define your overall notifications settings applied to all projects. By default, email notifications are turned on for the following notification types:

Background tasks in failure on my administered projects
Changes in issues/hotspots assigned to me
New quality gate status
My new issues

Point to Note:

A notification is never sent to the author of the event.
The author will not get notified about their own issues. It's only the assignee who gets notified and not the author.
The author/developer can look at their respective issues from the CodeScan UI.

CodeScan Cloud New Features Notifications

To receive CodeScan cloud new feature notification, select the Activate checkbox. By default, email notifications are turned on to receive new feature updates.

Adding Notifications to a Project

To add notifications for a specific project, select Add a Project and Search a project by name in the search menu. Two additional notification option types, especially applicable to team projects, are available on the per-project level:

Issues resolved as false positive or won't fix
New issues

Projects

The Projects tab lists all of the projects you are administering. You can select a project from this tab for full access.

Reset the Password

In general, you’ll only need to reset your password if you’ve forgotten it, but there are some instances when resetting your password can help protect the security of your account.

We recommend resetting your password in these cases:

You notice something suspicious in your CodeScan account.
You suspect someone you don't trust may have your password.
We ask you to change your password.

If you have not requested to reset your password and you receive an email asking you to change it, it could be a case of phishing. Instead of clicking on a suspect link in an email, log into your account to reset your password there.

Reset Account Password

Follow these steps to reset your password:

Navigate to your instance's URL, for example, https://app.codescan.io/ for US region, https://app-eu.codescan.io/ for EU region or https://app-aus.codescan.io/ for AUS region.
From the login screen, click the Don't remember your password? button.

Enter the email address you used to create your CodeScan account.

Click Send Email, and an email will be sent to your address with recovery instructions.
Check your inbox for a password reset email.
Click on the URL provided in the email and enter a new password.

Password Requirements:

New passwords must meet the following criteria:
MUST contain at least 8 characters (10+ recommended)
MUST contain at least one uppercase letter (A-Z)
MUST contain at least one lowercase letter (a-z)
MUST contain at least one number (0-9)
MUST contain at least one special character (such as !, %, @, <, >, # and so on)
MUST NOT contain an email address, first, middle or last name, or commonly used passwords
MUST NOT be one of the 13 previously used passwords

Troubleshooting

No Email Received?

If you don't see the email in your inbox:

Check your spam/junk folder
Try to reset your password again
If that still does not work, contact the CodeScan Support Team at support@autorabit.com.

Adding Users to a CodeScan Cloud Organization

Important note: The steps described in this article are only applicable to teams using Auth0 as an authentication method. If your CodeScan organization has any SAML connections enabled—even if not enforced—then new users should be added through the Identity Provider. Please find more details here.

User invitations to join the CodeScan organization are sent out by the org administrator. An email with a link inviting the user to join your organization will be sent to them.

Navigate to your instance's URL, for example, https://app.codescan.io/ for US region, https://app-eu.codescan.io/ for EU region, or https://app-aus.codescan.io/ for AUS region.
Go to your Organization in CodeScan.
Click on the Members menu of your Organization's home page, and then click on Invite Member.

In the Invite Users screen, enter the email (or emails) of the users you would like to add.

Invited user will get an automated email from CodeScan. The user must click on the link to accept the invitation (see "accepting invitations" section for details).
Once the user is added to your organization, you can edit their permissions through the Groups, Permissions, and Permission Templates under the Administration menu.

Accepting invitations to add a user to a CodeScan Organization

Accepting an invitation (Auth0 only)

Wait for your Admin to invite you to the CodeScan Cloud organization.
If you can't find the invitation link in your Inbox, check Spam and Junk folders.
Once you have the invitation link, click on it (please note it's valid only for a certain period of time and can only be used once):

You will be redirected to the Login screen. As it's your first time to CodeScan, select the Sign Up option:

On the sign-up screen you will enter your details and create a password, which you will use to log into your CodeScan account:

Depending on your team's requirements, you can also enable MFA (can be done later)
Congrats! You should be able to access CodeScan now.

If you encounter any issues, please reach out to support@autorabit.com

Deleting User from a CodeScan Organization

You can delete people from your organization who are no longer required if you have org administration permissions. Deleted users are permanently removed from a CodeScan organization.

Login to your CodeScan account.
Go to your Organization in CodeScan.
Click on the Members menu of your Organization's home page,
Search for the user from the list.
Click on Gear icon on the right side of the user you'd like to make changes to.
Select the Remove from organization's members option.

Select the Remove button once more to confirm your choice. The user will now be removed from your CodeScan organization.

Member Permissions

Permissions

Permissions can be set at the Organization level or at a Project level to give you full control over what your members can view and create.

Permissions can be set at the Organization level: Navigate to Administration > Permissions menu and apply to individual users or multiple users using the Groups feature.

Permissions can be set by Project level: Navigate to the Project Settings > Permissions menu and apply to individual users or multiple users using the Groups feature.

Permission Templates

Permission Templates can be created through the Administration > Permission Templates menu. This is a faster way of assigning correct permissions for new projects.

To create a new template, click on Create. You can customize the permission templates via the Edit Permissions option.

Note: Just like the main Permissions menu, this allows you to set permissions for users or Groups.

Once you have a permissions template created, you can apply it at the project level by clicking on your desired project. Then navigate to the Project Settings > Permissions menu and click on Apply Permissions Template.

Assigning Permissions Templates to Multiple Projects

You can also assign a Permissions template to multiple projects at once.

Navigate to Organization → Projects Management → select projects from the list → Bulk Apply Permission template:

NOTE: Browse and Execute Analysis permissions are required to run an analysis and view results.