RedVeil is designed to support team-based security work.
Most organizations involve multiple people in penetration testing, including security engineers, developers, managers, and stakeholders who need visibility into results. RedVeil allows you to add multiple users to an account and control how they interact with projects, tests, and reports.
This article explains how to add users, how roles and permissions work at a high level, and best practices for managing access responsibly.
Adding Users to Your Account
Users are added to RedVeil by an account administrator. An administrator can access the Settings tab in the bottom left of RedVeil.
Administrative users can invite additional users directly from the account or settings area. Invited users receive access to the same account and can begin collaborating once their access is established.
Adding users does not create separate accounts or isolate data. All users operate within the same shared account context.
Roles and Permissions (High-Level)
RedVeil uses role-based access to help teams control who can perform certain actions.
Administrative users have the ability to manage account settings, add or remove users, and oversee overall usage. Member-level users can participate in testing activities, view results, and interact with reports, but are unable to manage any of the account's administrative functions (such as payment).
Roles are designed to support collaboration without giving unnecessary control to every user.
More granular roles may be added in the future!
Coordinating Test Activity Across Users
Because tests consume Agent Ops, it’s important for teams to coordinate testing activity. Multiple users within the same account can create and run tests. Running multiple tests at the same time can significantly increase usage, especially for larger or more complex scopes.
Clear internal communication helps ensure:
Tests are run intentionally
Usage is aligned with priorities
Agent Ops are not consumed unexpectedly
RedVeil provides visibility into active tests so teams can stay aligned.
Best Practices for Managing Access
A few simple practices help keep account usage predictable and secure.
Limit administrative access to users who need it, and assign member access to users who primarily review results or run tests. Encourage teams to coordinate before starting large or overlapping tests, especially in shared environments.
If access is no longer needed, users can be removed without affecting historical test data or reports.
RedVeil recommends that all users set up MFA (multi-factor authentication) which can be found in the Security tab in the Settings.
