Getting Started
This guide walks you through initial setup, authentication, and the basic layout of the EndState CloudSec application.
Creating an Account
You can sign up with:
- Email and password -- Standard email/password registration
- Google OAuth -- Sign in with your Google account for faster onboarding
Sign Up Flow
- Navigate to the application at your organization's URL.
- Click Sign Up to create a new account.
- Enter your Full Name, Email, and Password.
- Verify your email address via the confirmation link sent to your inbox.
- After verification, you will be redirected to the Onboarding page to create or join an organization.
Organization Setup
During onboarding, you can either:
- Create a new organization -- Provide an organization name and slug (e.g.,
acme-corp). You will become theownerof this organization. - Join via invitation -- If you received an email invitation, your account will automatically be linked to the inviting organization upon signup.
Logging In
- Navigate to the application's login page.
- Enter your Account name -- this is your organization or tenant identifier (e.g.,
acme-corp). You can enter either the organization slug or the full organization name. - Enter your Email address.
- Enter your Password, or click Sign in with Google.
- The system will verify that your user is a member of the specified account before granting access.
- You will be redirected to the dashboard for the selected organization.
Multi-Tenant Login: If you belong to multiple organizations, the Account field ensures you log into the correct one. You must enter the account name each time you sign in.
Session Management: Your session is securely maintained across page loads using HTTP-only cookies. You will remain logged in until you explicitly sign out or your session expires.
Navigating the Dashboard
After logging in, you will be directed to the main dashboard. The user interface is divided into three main sections:
- Main Navigation (Left Sidebar) -- Your primary way to move between the different functional areas.
- Header (Top) -- Provides quick access to your user profile, organization settings, theme toggle, and sign out.
- Content Area (Center) -- Where the main content for each page is displayed.
Main Navigation Links
| Page | Description |
|---|---|
| Architecture | A unified, read-only view of your zones and the data flows between them. |
| Profiles | Manage connections to your cloud provider accounts (AWS, Azure, GCP). |
| Zones | Create and manage security zones and assign discovered resources. |
| Flows | Define and visualize the allowed data flows between your zones. |
| Deployment | Generate, review, and deploy your security policies to your cloud environments. |
| Validation | Run checks to verify your live cloud configuration against your defined policies. |
| Logs | View a complete audit trail of all actions performed within the application. |
User Roles and Permissions
EndState CloudSec supports role-based access within each organization:
| Role | Capabilities |
|---|---|
| Owner | Full access. Can manage billing, delete the organization, and manage all members. |
| Admin | Can manage profiles, zones, flows, deployments, and invite/remove members. |
| Member | Can view and interact with profiles, zones, flows, and deployments. Cannot manage members or billing. |
Managing Your Subscription
Organization owners can manage billing and subscriptions:
- Navigate to Settings or the billing section.
- Choose a subscription plan (Starter, Professional, or Enterprise).
- Complete checkout via the secure checkout page.
- Manage your subscription, update payment methods, or cancel via the Customer Portal.
If a payment fails, your organization's subscription status will change to past_due. You will retain access but should update your payment method promptly to avoid service interruption.
Next Steps
Your first step after logging in for the first time will be to configure a Cloud Profile. This is covered in the Profiles section.