Configuration Options

Supported Tenant Configuration Options

AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.

The list of supported configuration options is included below and regularly updated.

You can access most of the configurations options via Administration module.


  • Custom domain for accessing the application (Enterprise only)

  • Custom domain for all emails (Enterprise only)

    • default



  • Code

  • Description

  • Level 1 Owner

  • Level 2 Owner

  • Level 3 Owner

Custom fields



  • Access New Projects

  • Create New Project

  • Add Test Suites on Existing Projects

  • Add Abuse Cases on Projects

  • Export Test Case Workspace Notes on Project JSON Export


  • Project Name

  • Project Code

  • Organization Code

  • Executive Summary

  • Vulnerability Scoring System

  • Team Notification Events

  • Admin Notification Events

  • Email Notification Type of New Vulnerabilities

  • Linked Portfolio Streams

  • Linked Groups

  • Custom Tags

Custom Fields

Project Requests

  • Enable Project Request Workflow


  • Action Project Requests


  • Project Name

  • Project Code

  • Testing to be Performed

  • Reason Testing is Required (Justification)

  • Assets to be Tested (Scope)

  • Desired Start Date

  • Desired End Date

  • Desired Test Window

  • Onsite Testing Required

Custom Fields


Assets Module

  • Enable/Disable Assets Module


  • Asset Type

  • Asset ID

  • Asset Details

  • Linked Groups

Custom Fields



  • Enable/Disable Remediation Plan

  • Enable/Disable Zero-Day

  • Enable/Disable/Configure Vulnerability Remediation SLAs

Vulnerability Form Builder

Import Vulnerabilities

  • Custom Mapping Expressions


Main Library

  • Allowed Roles, Groups and Users

Imported Library

  • Allowed Roles, Groups and Users

Project Library

  • Allowed Roles, Groups and Users

Custom Libraries

  • Add Custom Libraries and configure their access controls


  • Attack Scenario

  • CIA Fields (Confidentiality, Integrity, Availability)

  • Severity

  • Exploitability

  • CVSS Scoring

  • Custom Tags

Custom Fields

Test Suites

Test Case Custom Fields


Standard Reports

  • Configuration for PDF Report

  • Configuration for DOCX Report

  • Configuration for HTML Report

Custom Reports

  • Configuration for Custom Reports

The following tags can be used for setting a custom report name:

  • {}

  • {}

  • {project.code}

  • {project.organization_code}

  • {project.status}

  • {project.start_date}

  • {project.end_date}

  • {project.custom_field.<KEY>}


Email Notifications

  • Enable/Disable emails

Email Template

  • Custom Header

  • Custom Body CSS

  • Custom Footer


  • Email Group Members on Project Creation

  • Email Project Team when Project is On-Hold

  • Email Project Team when Project is Off-Hold

  • Email Project Team on Daily Testing Start/Stop

  • Custom Email Body for Daily Start/Stop Testing Notifications

  • Additional email recipients for Daily Start/Stop Testing Notifications

  • Custom Email Body for Individual Vulnerability Notifications

  • Custom Email Body for Grouped Vulnerability Notifications

  • Additional Email Recipients for New Vulnerability Notifications

New User

  • Email Admins when New User is Created

  • Email New User with Welcome Message

  • Custom Email Body for New Registrations

  • Custom Email Subject for New Manually Created/Invited User

  • Custom Email Body for New Manually Created/Invited User

Custom Emails

Admin Updates

  • Configure Daily Admin updates

  • Configure Weekly Admin updates


  • Email User on Change of IP Address from Last Login

Login and Security

Login Methods

  • Enable local accounts

  • Configure Single-Sign-On (SSO) Profile 1

  • Configure Single-Sign-On (SSO) Profile 2

  • Enforce AttackForge MFA on Admin SSO Logins

  • Auto-Redirect to SSO from Login Page

  • Enable Password Reset

  • Enable Simultaneous User Sessions

  • Session Timeout (in minutes)

  • Custom Login Message


  • Configure self-registration settings


  • Disable Inactive Non-Admin Users settings

  • Blacklisted Extensions for File Upload


  • Default Roles for New Users


  • Date format

  • Work week


  • Login and Report Logo

  • Sidebar Logo


  • Login Page Background Color

  • Login Page Primary Button Color

  • Login Page Secondary Button Color

  • Sidebar Header Background Color

  • Sidebar Menu Background Color

  • Sidebar Menu Active Item

  • HTML Report Title Background Color

  • PDF Report Title Background Color

Last updated

Check YouTube for more tutorials: