In this article:
You can log into the SecurityScorecard several ways, depending on your needs or your organization's policies.
Use your business email and a password
You can sign up and log in using a traditional combination of your business email address and a custom-created password.
Passwords must include the following to be accepted:
- 10 or more characters
- At least 1 uppercase letter
- At least 1 lowercase letter
- At least 1 symbol ( ~!@#$%^&*()_+{}[]<>)
- At least 1 numeral
You will be required to accept the SecurityScorecard Terms and Conditions before logging in.
Use Google single sign-on (SSO)
If you have an email address that belongs to a Google Workspace account, you can use it to sign up and log in, instead of having to create another email and password to remember for the SecurityScorecard platform.
When you select the Google option, enter your Google credentials and grant access to SecurityScorecard. We will not receive any information about your Google password.
You will be required to accept the SecurityScorecard Terms and Conditions before logging in.
Use SAML single sign-on
If your organization has a SecurityScorecard administrator, you can set up SAML single sign-on for your users. This gives you more control over access by enforcing a login method you already use for other tools.
Learn more about configuring and setting up a SAML instance.
Note: The SAML single sign-on option is only available with a paid SecurityScorecard plan. Your organization must also have a user with a SecurityScorecard administrator role.
Login FAQ
Do I get locked out after failed login attempts?
After five failed login attempts you are locked out for 15 minutes. If you try to log in during that lockout window, the 15 minutes restart. You can unlock your account by resetting your password.
How can I reset my password with SecurityScorecard?
- If you are using SecurityScorecard credentials, use these instructions to reset the password.
- If you are using Google SSO, change your password with Google directly. SecurityScorecard does not have your Google password.
- If your organization uses SAML, contact your IT department to have your password reset. SecurityScorecard does not have your SAML credentials.
How long can I be idle before getting automatically logged out?
You can be idle for one hour, after which you are logged out.
Does my password ever expire?
No, but it is a good security practice to periodically reset your password and create a new one.
Can I reuse an old password?
Yes, but it is a good security practice not to reuse old passwords.
I signed up with a traditional login at first. How do I switch to Google SSO?
You can have a SecurityScorecard and a Google SSO login if the email addresses of each are identical.
- If you have set up a SecurityScorecard login first, go to https://platform.securityscorecard.io/#/start and click the button to sign in with Google. Then follow the steps to set up that option.
- If you have Google SSO login first, go to https://platform.securityscorecard.io/#/signup/ and fill out the form with the same email address to start the process of setting up a password. You’ll receive an email with a link to set up the password.
Can we use Google accounts other than Google Workspaces?
The SecurityScorecard platform only accepts Google Workspaces. You cannot use Google Mail (Gmail) or any other free webmail domains Google offers.
We use Google Workspaces and have also completed the SAML setup. How does that work for logging into the SecurityScorecard platform?
Once you have configured single sign-on with SAML, that becomes the only way to log into the platform.
I’m having trouble logging in. How can I get help?
Submit a Support request for help.