Account Setup

This guide walks through creating your BreachSpider account, setting up your organization, and preparing for your first environment.

Creating Your Account

Navigate to breachspider.com/signup.
Enter your work email address.
Click Create Account.
Check your inbox for a magic link email from BreachSpider (sender: [email protected]).
Click the link in the email to verify your address and complete account creation.

The magic link expires after 15 minutes. If it expires before you click it, return to the signup page and request a new one. Check your spam or junk folder if the email does not arrive within 60 seconds.

No password is required. BreachSpider uses magic link authentication exclusively. See the Magic Link Authentication guide for details on why and how this works.

Organization Setup

After verifying your email, you are prompted to set up your organization profile:

Organization Name (required): The name of your company, utility, or consulting firm. This appears on reports and in the audit log. Use your legal entity name or a clear abbreviation. Example: "Jefferson Water Authority" or "CITED Relevance LLC".
Your Name (required): Your full name as it should appear in the audit log and on shared reports.
Your Role (optional): Select from a dropdown -- Plant Manager, OT Engineer, IT Security, MSSP, Consultant, Researcher, Other. This helps BreachSpider tailor the onboarding experience to your responsibilities.
Timezone (recommended): Used for alert delivery timing and report date formatting. Defaults to your browser timezone but can be changed under Account > Profile at any time.

Click Complete Setup to proceed to the dashboard.

The Onboarding Checklist

New accounts see a 5-step onboarding checklist on the dashboard. The checklist guides you through the minimum setup to get value from the platform:

Create your first environment -- define a site (plant, facility, substation).
Add assets to your environment -- tell BreachSpider what devices you operate.
Set up an alert -- connect Teams, Slack, or confirm email alerts are enabled.
Generate your first report -- run a baseline posture report.
Ask SAGE a question -- open the SAGE chat and ask an ICS-specific question.

Each step links to the relevant guide page. The checklist disappears automatically when all five steps are complete. You can dismiss it early by clicking the X in the top right corner of the checklist card.

Inviting Team Members

Team invitations are available on Standard tier and above.

Navigate to Account > Team > Invite Member.

Enter the team member's email address and select a role:

Admin: Full access to all environments, settings, integrations, and team management. Can invite and remove members and update organization settings.
Viewer: Access to all environments, findings, tickets, reports, and alerts. Cannot manage team membership, billing, or organization settings.

The invited user receives a magic link email. Once they verify, they appear in your team list and can access the organization's environments.

To remove a team member, navigate to Account > Team, find the member, and click Remove. Removal is immediate. Their sessions are invalidated and their access is revoked. The removal is logged in the audit log as MEMBER_REMOVED.

BreachSpider collects the minimum data necessary to operate the platform:

Email address: Used for authentication, alerts, and communication.
Organization name: Used in reports and the audit log.
Your name: Used in the audit log and on shared reports.
Role and timezone: Used to personalize the experience.

No passwords are stored. No credit card is required for the free tier. Payment information is collected by Stripe only when you upgrade to a paid plan. BreachSpider does not sell or share your data. See the Privacy Policy for the full data handling policy.

Next Steps

After completing account setup, proceed to the First Time Setup Checklist to configure your first environment and start receiving findings.