Organization Settings

This document will cover the tabs of the Organization settings page, which is accessible to admins (the triage team).

Members

On the Members tab, you can invite new users to your organization or remove existing ones.

SevHunt provides a limited initial set of roles:

  • Admin / Owner - Can perform all actions on the site, including triaging reports.
  • Member - Can create reports, access the store, and view high-level data like the homepage graphs and leaderboard.

The majority of your users will be "normal" employees and given the "Member" role.

Homepage

When users log into SevHunt, they see two tabs: "Welcome" and "Hunting Tips". The Homepage tab lets you configure these to greet your users and guide them through finding bugs.

Name & Slug

Your organization name and slug (the path piece that comes after https://sevhunt.com/o/) can be changed at any time. Slugs are unique across SevHunt, but free users must have slugs that end in -free to mitigate abuse/enumeration.

Auth

This page configures allowed email domains for your organization. When set, users with a matching email domain can join your organization without an invite, which is ideal for larger organizations.

New users will be given the "Member" role by default, which allows for report submission and other non-triage tasks.

Note: If you plan to use this feature to (exhaustively) allow all email domains, please contact us first, as we'd rather enable external reports as a first-class feature.

Subscription

This page lets you manage your subscription with SevHunt. For more information on the behavior of upgrading/downgrading your subscription, please visit that page.

Encryption

Your organization has one or more encryption keys, which are shared by your triage team (admins) so that they can access incoming reports that are client-side encrypted by your users.

This tab allows your admins to rotate to new keys, and to enter passphrases for keys if they do not already have them stored.

Each encryption key contains the following:

  • A public key that your users "share" reports with
  • A private key, encrypted with a strong, salted, randomly generated passphrase
  • Test encrypted values that are used to validate that an admin has the correct passphrase

Organizations can have any number of encryption keys - users submitting reports will default to using the public key of the latest organization keypair, so you should feel comfortable that rotating to new keys will not disrupt users.
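
The key structure and passphrase check described above, as an added example that is not SevHunt's own code. It assumes scrypt for passphrase derivation, AES-256-GCM for wrapping, and an RSA keypair (the page names no algorithms), and every function and field name is hypothetical.

```javascript
// Added illustration, not SevHunt code. scrypt, AES-256-GCM and RSA are
// assumptions; the page names no algorithms. All names are hypothetical.
const crypto = require('crypto');
const TEST_PLAINTEXT = 'org-key-check'; // constructed known value

// Encrypt plaintext under a key derived from the passphrase and salt.
function seal(passphrase, salt, plaintext) {
  const key = crypto.scryptSync(passphrase, salt, 32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt; final() throws if the passphrase (hence the key) is wrong.
function unseal(passphrase, salt, box) {
  const key = crypto.scryptSync(passphrase, salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// One organization key: public key, wrapped private key, test value.
function createOrgKey() {
  const passphrase = crypto.randomBytes(32).toString('base64');
  const salt = crypto.randomBytes(16);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const record = {
    salt, publicKey,
    wrappedPrivateKey: seal(passphrase, salt, privateKey),
    testValue: seal(passphrase, salt, TEST_PLAINTEXT),
  };
  return { record, passphrase };
}

// An admin's passphrase is accepted only if it decrypts the test value.
function validatePassphrase(record, passphrase) {
  try {
    return unseal(passphrase, record.salt, record.testValue).toString() === TEST_PLAINTEXT;
  } catch { return false; }
}

// Submitters default to the newest key, so rotation needs no user action.
const latestPublicKey = (records) => records[records.length - 1].publicKey;
```

Because the test value is checked with an authenticated cipher, a wrong passphrase is rejected before any attempt to unwrap the private key.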