Skip to content

Settings Enterprise

Settings covers personal account preferences, team access, and outbound alerting. Open it from the sidebar or the gear icon in the header.

Roles

Trapster uses four built-in roles. Assign a role when inviting a user from Settings > Users.

RoleChoose when…
AdministratorFull platform ownership: users, namespaces, SSO, licensing, all Trapsters and integrations
MemberAn operator who deploys Trapsters, creates honeytokens and breadcrumbs, and configures integrations within their namespaces
AnalystA triage-only user who acknowledges and investigates incidents but must not change honeypot or integration configuration
Read-onlyStakeholders who need visibility (dashboards, incident history) without making any changes

Member vs. Analyst

This is the most common decision for team leads:

MemberAnalyst
View incidents, Trapsters, honeytokensYes (within assigned namespaces)Yes (within assigned namespaces)
Acknowledge and delete incidentsYesYes
Deploy Trapsters, edit servicesYesNo
Create honeytokens and breadcrumbsYesNo
Configure webhooks, syslog, global emailsYesNo (view only)
Manage users or namespacesNoNo
Create personal access tokensYesNo

Member is for someone who runs the deception platform day to day. Analyst is for someone who triages alerts but should not touch infrastructure or integrations.

Both roles are namespace-scoped the same way. Neither sees data outside assigned namespaces unless an Administrator grants them access to all namespaces.

See Roles and Permissions for the full capability matrix.

User notifications vs. organization integrations

Trapster splits alerting into two layers.

User notifications (Settings > Notifications)

Personal email preferences for your Trapster account:

LevelWhat you receive by email
All notificationsEvery incident type in your accessible namespaces
Only login attemptsCredential submissions, breadcrumb triggers, and honeytoken hits
No notificationsNo incident emails

This controls email to your user account only. It does not configure webhooks, syslog, or SIEM forwarding. It also does not affect whether other team members receive alerts.

Administrators can set a default alert level when inviting a user. Each user can change their own preference afterward.

Organization integrations (Settings > Integrations)

Organization-wide outbound channels that fire independently of any single user:

IntegrationPurpose
EmailsDistribution addresses (for example, soc@company.com) that are not tied to a Trapster user account
WebhooksTeams, Slack, Splunk HEC, Sekoia, or custom HTTP endpoints
SyslogForward incidents and events to a syslog collector or SIEM

Each integration can be scoped to all namespaces or selected namespaces, and filtered by action type (incidents vs. individual events).

Rule of thumb: use user notifications when a person wants email in their inbox with a personal signal-to-noise preference. Use organization integrations when the SOC pipeline, ticketing system, or SIEM must receive alerts regardless of who is logged in.

See Alerting for setup guides.

SSO

Settings > SSO configures Microsoft Entra ID sign-in using OAuth 2.0 / OpenID Connect. Register Trapster as an application in your Azure portal, then enter the client ID and secret in the dashboard.

How SSO behaves in practice:

  • Optional, not mandatory. Enabling SSO adds a "Sign in with Microsoft" button on the login page. Email and password login continues to work for users who prefer it.
  • Invite-only. SSO only works for users who already have a Trapster account with a matching email address. Unknown Microsoft accounts are rejected.
  • Independent of Trapster 2FA. Two-factor authentication applies to the password login path. Users who sign in through Microsoft rely on your identity provider's MFA policies instead.

Only Administrators can configure SSO.

Two-factor authentication (2FA)

From Settings > Profile, users can enable TOTP-based 2FA with an authenticator app (FreeOTP, Microsoft Authenticator, and similar). After setup, password logins require a verification code. Recovery codes are provided at enrollment.

2FA is per-user and optional. It does not apply to SSO logins (Microsoft handles authentication for those users).

Users and invitations

Invite users from Settings > Users: email, role, namespace assignment, and optional default alert level.

What happens when someone accepts an invite

The invitation email contains a single link that combines account activation and password setup. When the invitee clicks it:

  1. They choose a password (one step; no separate email verification)
  2. Their account is activated immediately
  3. They are redirected to the login page (not straight into the dashboard)
  4. After signing in, they may be prompted to accept the EULA on first access if they have not already

Invitation links expire after 7 days. An Administrator can resend the invitation from the user's row menu in Settings > Users (only while the user is still inactive).

To cancel a pending invitation, delete the user from Settings > Users. This removes the inactive account entirely. There is no separate "revoke invite" action.

General settings

Settings > General (under Administration) is still available. It controls:

  • Organization name shown in the dashboard
  • Organization logo (optional, PNG/JPEG/GIF, max 10 MB)

There is no organization timezone setting in the current dashboard. Incident timestamps are stored in UTC and displayed in each user's browser locale. There are no scheduled reports tied to an organization timezone.

Only Administrators can change organization name and logo.

Next steps