
User Authentication Configuration


Overview

The Shift Left API Platform ensures secure access and organized team collaboration through Role-Based Access Control (RBAC).
This configuration step defines who can access what, so that every user operates with the right privileges and accountability.

 

Step 1. Access the Authentication Settings

  • Navigate to Settings → Authentication & Access Control
  • Review the available authentication methods:
      • Local Authentication (Username/Password)
      • Single Sign-On (SSO) via SAML, OAuth2, or OpenID Connect
      • API Token Authentication for integration and automation workflows

⚙️ Admins can mix multiple authentication modes depending on enterprise requirements. 

 

Step 2. Configure Role-Based Access Control (RBAC)

RBAC ensures structured management by assigning roles aligned with responsibilities. 
Each role determines what users can view, modify, or execute within the system. 

Common Roles: 

| Role          | Description                                                                |
|---------------|----------------------------------------------------------------------------|
| Administrator | Full access to system configuration, user management, and license settings. |
| Contributor   | Can create, edit, and execute tests within assigned projects.              |
| Viewer        | Read-only access to dashboards, reports, and execution logs.               |

You can create custom roles to align with your organization’s hierarchy or security policies. 

 

Step 3. Assign Roles and Permissions

  • Go to User Management → Add or Edit User
  • Select a role from the dropdown list. 
  • Optionally, restrict user access to specific projects or environments. 
  • Save changes and notify the user. 

Best Practice: Grant only the minimum permissions necessary for each role. 

 

Step 4. Enable Multi-Factor Authentication (MFA)

For an extra layer of security: 

  • Enable MFA under Authentication Settings
  • Users will be required to verify identity via OTP, authenticator app, or email link. 

MFA significantly reduces the risk of unauthorized access. 

 

Step 5. API Access & Tokens

For integrations or CI/CD pipelines, use API Tokens instead of user credentials: 

  • Generate a token under User Profile → API Tokens
  • Set token expiration and usage scope. 
  • Revoke or regenerate tokens as needed. 

 

Security Tips

  • Enforce password policies (minimum length, complexity, expiry). 
  • Regularly review and audit user activity through the Audit Logs module. 
  • Periodically revoke access for inactive or offboarded users. 
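The periodic review in these tips, together with the MFA setting from Step 4 and the token expiry and scope settings from Step 5, can be scripted over an export of users and tokens. The following is an added example, not Shift Left API Platform code: the export layout, field names, the `*` wildcard scope and the 90-day thresholds are assumptions, and the sample records are constructed.

```python
from datetime import date, timedelta

# Constructed sample export. Field names are assumptions, not the platform's schema.
USERS = [
    {"name": "alice", "role": "Administrator", "mfa": True, "enabled": True,
     "last_login": "2025-05-28",
     "tokens": [{"id": "ci-deploy", "expires": "2025-07-01", "scope": "project:payments"}]},
    {"name": "bob", "role": "Administrator", "mfa": False, "enabled": True,
     "last_login": "2025-05-30", "tokens": []},
    {"name": "carol", "role": "Contributor", "mfa": True, "enabled": True,
     "last_login": "2024-11-02",
     "tokens": [{"id": "nightly", "expires": None, "scope": "*"}]},
    {"name": "dave", "role": "Viewer", "mfa": True, "enabled": False,
     "last_login": "2025-01-15",
     "tokens": [{"id": "report-pull", "expires": "2025-12-31", "scope": "project:billing"}]},
]

def audit(users, today, max_idle_days=90, max_token_days=90):
    """Return sorted (user, finding) pairs for accounts and tokens that need review."""
    findings = []
    for u in users:
        idle = (today - date.fromisoformat(u["last_login"])).days
        if u["enabled"] and not u["mfa"]:
            findings.append((u["name"], "mfa-not-enrolled"))
        if u["enabled"] and idle > max_idle_days:
            findings.append((u["name"], "inactive-but-enabled"))
        for t in u["tokens"]:
            expires = date.fromisoformat(t["expires"]) if t["expires"] else None
            if not u["enabled"] and (expires is None or expires >= today):
                # A token that outlives a disabled account should be revoked too.
                findings.append((u["name"], f"offboarded-live-token:{t['id']}"))
            if expires is None:
                findings.append((u["name"], f"token-never-expires:{t['id']}"))
            elif expires - today > timedelta(days=max_token_days):
                findings.append((u["name"], f"token-lifetime-too-long:{t['id']}"))
            if t["scope"] == "*":  # assumed notation for an unrestricted scope
                findings.append((u["name"], f"token-unscoped:{t['id']}"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(USERS, today=date(2025, 6, 1)):
        print(f"{user:8} {finding}")
```

Each finding maps to an action already listed on this page: enable MFA, revoke access for the inactive or offboarded user, or regenerate the token with an expiration and a narrower scope.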


Outcome

By configuring User Authentication with RBAC, organizations achieve: 

  • Granular access control 
  • Enhanced data security 
  • Streamlined collaboration across teams