Create an account
AISafe offers three ways to sign up: passwordless email, GitHub OAuth, and Google OAuth. All three create an account in seconds and drop you into the dashboard where you can run your first assessment. You need one signup method to get started. You can link additional providers to the same account later from your account settings.
Your email address becomes the primary identifier for your account and receives important notifications such as assessment completion summaries and security alerts. Use an email address you control and monitor.
Passwordless email signup
To sign up with email, enter your email address on the signup page. AISafe sends a confirmation link to your inbox. Click it to verify ownership and activate your account. You set your password during the confirmation step, so the person who controls the email address completes the signup.
If the confirmation email does not arrive within a few minutes, check your spam folder and request a new link from the signup page. The link expires after a short window for security, so complete confirmation before it lapses.
OAuth signup (GitHub or Google)
If you prefer to use an existing account, click Continue with GitHub or Continue with Google. The provider redirects you to authorize AISafe, then returns you to the dashboard with an active session. New OAuth accounts activate at creation: the provider verifies your email ownership, so there is no separate confirmation step. If you have an AISafe account, the OAuth flow logs you in rather than creating a duplicate.
GitHub OAuth is convenient if you plan to connect GitHub repositories to AISafe, since the authorization you grant during signup can be reused when you later link repos for code audits or PR review. You retain full control to revoke access at any time from your GitHub account settings.
Two-factor authentication (2FA)
After creating your account, you can enable TOTP-based two-factor authentication from your account settings. AISafe supports authenticator apps (Google Authenticator, 1Password, Authy, etc.) and provides backup codes for recovery. Store your backup codes somewhere safe when you enable 2FA: they are the only way to regain access if you lose your authenticator device. You can also mark devices as trusted for 30 days to skip the 2FA prompt on your usual machines.
API keys bypass 2FA: they authenticate with their own credentials, so enabling 2FA does not affect scripts, the CLI, or integrations that use API keys. Your automated workflows keep running while 2FA protects your interactive logins.
Your first organization
The first account you create gets a personal organization named after you. This organization has all features enabled: you can run assessments, invite teammates, and connect integrations from it at once, so there is no separate setup step before you start scanning.
If the default name does not suit you, you can rename it from the organization settings page at any time. You can also create additional organizations to separate projects, clients, or teams, and switch between them from the organization switcher in the top navigation. Each organization has its own members, integrations, and assessment history, so work in one organization stays invisible to members of another unless you invite them.
Account settings
Your account settings page is where you manage everything tied to your user identity, independent of any organization. You can reach it from your avatar menu in the top-right corner of the dashboard. From here you can:
- Profile: update your display name, avatar, and email address.
- Password: change your password, or set one if you signed up via OAuth and later want a password login.
- Two-factor authentication: enable or disable TOTP, view and regenerate backup codes, and manage trusted devices.
- API keys: create, rotate, and revoke personal API keys used by the CLI, scripts, and integrations.
- Notification preferences: choose which events trigger email or in-app notifications, such as assessment completion, findings requiring triage, or team invitations.
- Linked providers: connect or disconnect GitHub and Google so you can log in with any linked provider.
Most changes to your account settings take effect at once. Email changes require confirmation at the new address before they activate.
Next steps
- Run your first assessment: create an org and launch a scan
- Invite your team: add teammates and assign roles