User Management
DefectDojo’s user management surface is different in each edition. Pick the section that matches your installation.
DefectDojo Open-Source
Open-source DefectDojo uses the Authorized Users model: a user is given access to a Product or a Product Type by being added to that record’s Authorized Users list. Superusers and staff can see everything.
- Authorized Users — how to grant access to Products and Product Types
Authentication on open-source DefectDojo is local username/password plus the password-reset flow.
DefectDojo Pro
DefectDojo Pro uses a role-based system with Members, Groups, and Global Roles. Users can also be granted SSO access through SAML or one of the supported OAuth providers.
- Permissions in DefectDojo — overview of Roles, Memberships, Global Roles, and Configuration Permissions
- Set a User’s Permissions — assigning Roles, Global Roles, and Configuration Permissions
- Share permissions: User Groups — assigning permissions to many users at once
- Set Permissions in Pro — Pro-specific UI for managing Members and Permissions
- Action permission charts — full reference of every permission for every Role
- Single Sign-On — SAML and OAuth setup for Pro
Migrating between editions
If you’re moving from open-source’s Authorized Users to Pro’s RBAC, or upgrading from a pre-3.0 open-source release that used RBAC into the current Authorized Users model, see the 3.0 upgrade notes. Existing access is preserved automatically.
All DefectDojo Pro user permissions in detail
Access audit logs for DefectDojo objects
How to onboard a new user onto your DefectDojo instance
How access to Products and Product Types is granted in open-source DefectDojo
Summary of all DefectDojo Pro permission options, in detail
How to grant Roles & Permissions to a user, as well as superuser status
Overhaul, pro feature
Share and maintain permissions for many users in DefectDojo Pro