Managing Credentials

Credentials are critical to gaining access to an application to enable further testing. With any program or engagement on Crowdcontrol, credentials can be allocated to researchers with our advanced credential management system.

Creating Credentials Buckets

Bugcrowd staff can create new credential buckets for your program and assign them to specific engagements within that program from the program settings.

Crowdcontrol currently supports the following credential types:

  • Email
  • Text
  • Traffic Control

Once the bucket is created it appears in the Credential buckets page.

With each bucket one can see the assigned, available, and archived credentials along with the allocation strategy per researcher.

The Credential Buckets page displays a list of all the buckets that have been generated in your program and assigned to one or more of that program’s engagements.

credential-bucket-page

Note: For a particular bucket one or multiple engagements can be assigned. Bulk actions like recycle, archive, and delete credentials can also be performed.

Credential Allocation

When the credential bucket is created and the auto-allocation is set, credentials are assigned to researchers automatically when they request them from the brief.

When auto-assign is not set for the credential bucket and researchers request credentials, the pending request is visible to Bugcrowd staff to action.

Note: Researchers can only request credentials for engagements that they have access to.

Viewing Credential Assignment

When clicking into a credential bucket, one can see settings related to it, and which specific credentials have been assigned so far.

view-credential-page