
Settings

The Settings section is available within the Customer Dashboard (/dash/) and provides configuration options for identity, workspace management, remediation controls, and account preferences.

Identity & SSO

Configure Single Sign-On for your organization to enforce centralized authentication.

Adding a SAML Connection

  1. Navigate to Settings > Identity in the Customer Dashboard.
  2. Click Add Connection.
  3. Select your identity provider:
    • Entra ID (Azure AD) — For Microsoft 365 organizations
    • Okta — For Okta-managed identity
    • Google Workspace — For Google-managed organizations
    • Custom SAML — For any SAML 2.0 compliant provider
  4. Enter the required metadata:
    • Entity ID — Your IdP’s SAML entity identifier
    • SSO URL — The IdP’s single sign-on endpoint
    • Certificate — The IdP’s X.509 signing certificate (PEM format)
  5. Download the Slim.io SP metadata to configure the reply URL in your IdP.
  6. Click Test Connection to validate the SAML flow.
  7. Click Activate to enforce SSO for your organization.

Activating SSO enforces it for all users in your organization. Ensure at least one admin account can still log in via email/password as a recovery mechanism before enabling SSO.

JIT Provisioning

When Just-In-Time (JIT) provisioning is enabled, users who authenticate via SSO for the first time are automatically created in Slim.io with a default Viewer role. Administrators can then promote users to Editor or Admin roles as needed.

Workspace Management

Workspaces provide logical isolation for different teams or business units within your organization.

Creating a Workspace

  1. Navigate to Settings > Workspaces.
  2. Click Create Workspace.
  3. Enter a name and optional description.
  4. Assign connectors to the workspace — each connector can belong to one workspace at a time.
  5. Add team members and set their roles (Admin, Editor, Viewer).

Role-Based Access Control

Role | Permissions
Admin | Full access: manage connectors, run scans, edit policies, manage members
Editor | Operational access: run scans, view findings, edit classifiers and policies
Viewer | Read-only access: view dashboards, findings, and reports

Workspace Isolation

Each workspace maintains independent:

  • Connector assignments (a connector belongs to exactly one workspace)
  • Scan history and findings
  • Governance policies and drift events
  • Quota consumption tracking

Organization-level administrators can view and manage all workspaces. Workspace-level admins can only manage their assigned workspace.

Remediation & Blocks

Slim.io can act on findings automatically — alert, tokenize, mask, quarantine, or block. Three Admin-only controls govern how automated remediation behaves in your environment. See Remediation & Blocks for the full lifecycle; the controls themselves live here in Settings.

Rollback Window

Settings → Rollback window. Choose how long Last-Known-Good snapshots and one-click undo are retained: 24 hours (default), 72 hours, or 7 days. The window applies to every reversible and destructive action, including blocks.

Remediation Policy

Settings → Remediation policy. Deny entire safety classes of automated remediation for your tenant. Tick a class to forbid it — you have full control over all six classes.

Denying the reversible class blocks most automated remediation, so your data may stay exposed during an incident until you act manually. Denying read_only provides no security benefit. The policy fails open: if it cannot be read, remediation proceeds rather than being silently blocked.

Today the deny-list enforces read_only, reversible, and destructive; infrastructure, governance, and inline_runtime are reserved for future remediation types and are labeled as not-yet-enforced in the dashboard.

Receipt Co-signing

Settings → Receipt co-signing. Require remediation receipts to be cryptographically co-signed by your own endpoint before they finalize. Choose a mode — Disabled, Optional, or Required — and provide your co-signing endpoint URL. Slim.io provisions the mutual-TLS certificates that secure the connection.

You cannot select Optional or Required until Slim.io has provisioned the certificates for your tenant; a platform-provisioned indicator shows the current state. Contact Slim.io to complete provisioning.

Account Preferences

  • Display Name — Your name as shown in the dashboard and audit logs
  • Email Notifications — Configure which events trigger email alerts (scan completion, policy violations, quota warnings)
  • Timezone — Set your preferred timezone for scan scheduling and report timestamps
  • API Keys — Generate personal API keys for CLI and programmatic access