Configuration Options

Supported Tenant Configuration Options
AttackForge Core & Enterprise provides a rich set of global tenant configuration options - allowing you to customize your AttackForge workflows, features & user experience.
The list of supported configuration options is included below and regularly updated.
You can access most of the configurations options via Administration module.


  • Custom domain for accessing the application (Enterprise only)
  • Custom domain for all emails (Enterprise only)



  • Code
  • Description
  • Level 1 Owner
  • Level 2 Owner
  • Level 3 Owner

Custom fields



  • Access New Projects
  • Create New Project
  • Add Test Suites on Existing Projects
  • Add Abuse Cases on Projects
  • Export Test Case Workspace Notes on Project JSON Export


  • Project Name
  • Project Code
  • Organization Code
  • Executive Summary
  • Vulnerability Scoring System
  • Team Notification Events
  • Admin Notification Events
  • Email Notification Type of New Vulnerabilities
  • Linked Portfolio Streams
  • Linked Groups
  • Custom Tags

Custom Fields

Project Requests

  • Enable Project Request Workflow


  • Action Project Requests


  • Project Name
  • Project Code
  • Testing to be Performed
  • Reason Testing is Required (Justification)
  • Assets to be Tested (Scope)
  • Desired Start Date
  • Desired End Date
  • Desired Test Window
  • Onsite Testing Required

Custom Fields


Assets Module

  • Enable/Disable Assets Module


  • Asset Type
  • Asset ID
  • Asset Details
  • Linked Groups

Custom Fields



  • Enable/Disable Remediation Plan
  • Enable/Disable Zero-Day
  • Enable/Disable/Configure Vulnerability Remediation SLAs

Vulnerability Form Builder

Import Vulnerabilities

  • Custom Mapping Expressions


Main Library

  • Allowed Roles, Groups and Users

Imported Library

  • Allowed Roles, Groups and Users

Project Library

  • Allowed Roles, Groups and Users

Custom Libraries

  • Add Custom Libraries and configure their access controls


  • Attack Scenario
  • CIA Fields (Confidentiality, Integrity, Availability)
  • Severity
  • Exploitability
  • CVSS Scoring
  • Custom Tags

Custom Fields

Test Suites

Test Case Custom Fields


Standard Reports

  • Configuration for PDF Report
  • Configuration for DOCX Report
  • Configuration for HTML Report

Custom Reports

  • Configuration for Custom Reports
The following tags can be used for setting a custom report name:
  • {}
  • {}
  • {project.code}
  • {project.organization_code}
  • {project.status}
  • {project.start_date}
  • {project.end_date}
  • {project.custom_field.<KEY>}


Email Notifications

  • Enable/Disable emails

Email Template

  • Custom Header
  • Custom Body CSS
  • Custom Footer


  • Email Group Members on Project Creation
  • Email Project Team when Project is On-Hold
  • Email Project Team when Project is Off-Hold
  • Email Project Team on Daily Testing Start/Stop
  • Custom Email Body for Daily Start/Stop Testing Notifications
  • Additional email recipients for Daily Start/Stop Testing Notifications
  • Custom Email Body for Individual Vulnerability Notifications
  • Custom Email Body for Grouped Vulnerability Notifications
  • Additional Email Recipients for New Vulnerability Notifications

New User

  • Email Admins when New User is Created
  • Email New User with Welcome Message
  • Custom Email Body for New Registrations
  • Custom Email Subject for New Manually Created/Invited User
  • Custom Email Body for New Manually Created/Invited User

Custom Emails

Admin Updates

  • Configure Daily Admin updates
  • Configure Weekly Admin updates


  • Email User on Change of IP Address from Last Login

Login and Security

Login Methods

  • Enable local accounts
  • Configure Single-Sign-On (SSO) Profile 1
  • Configure Single-Sign-On (SSO) Profile 2
  • Enforce AttackForge MFA on Admin SSO Logins
  • Auto-Redirect to SSO from Login Page
  • Enable Password Reset
  • Enable Simultaneous User Sessions
  • Session Timeout (in minutes)
  • Custom Login Message


  • Configure self-registration settings


  • Disable Inactive Non-Admin Users settings
  • Blacklisted Extensions for File Upload


  • Default Roles for New Users


  • Date format
  • Work week


  • Login and Report Logo
  • Sidebar Logo


  • Login Page Background Color
  • Login Page Primary Button Color
  • Login Page Secondary Button Color
  • Sidebar Header Background Color
  • Sidebar Menu Background Color
  • Sidebar Menu Active Item
  • HTML Report Title Background Color
  • PDF Report Title Background Color