
Overview

After your first login as a super admin, you’ll need to configure your organization settings to get started with FigoRisk.

Initial Login

  1. Access FigoRisk
     Navigate to your FigoRisk instance URL (e.g., https://figorisk.yourcompany.com)
  2. Login as Super Admin
     Use the credentials provided during deployment:
       • Username: admin
       • Password: From your .env configuration
  3. Dashboard Access
     You’ll be redirected to the admin dashboard after successful login

Security First: Change your default password immediately after first login!

Organization Profile

Update Organization Information

  1. Navigate to Settings
     Click on Settings in the main navigation menu
  2. Organization Tab
     Select Organization from the settings sidebar
  3. Update Profile
     Fill in your organization details:
       • Organization Name: Your company name
       • Industry: Select your industry sector
       • Company Size: Number of employees
       • Country: Primary location
       • Address: Physical address
       • Contact Email: Primary contact email
       • Phone Number: Contact phone
  4. Save Changes
     Click Save to update your organization profile

Configure Organization Settings

Compliance Frameworks

Choose which compliance frameworks your organization follows:

Information security management system standard
When to enable:
  • If you’re pursuing ISO 27001 certification
  • If you need to comply with information security standards

Nigerian data protection and privacy regulation
When to enable:
  • If you operate in Nigeria
  • If you process data of Nigerian citizens

Service Organization Control 2 compliance
When to enable:
  • If you’re a SaaS provider
  • If customers require SOC 2 compliance

General Data Protection Regulation (EU)
When to enable:
  • If you operate in the EU
  • If you process EU citizen data

To enable frameworks:
  1. Go to Settings → Compliance
  2. Toggle on the frameworks you need
  3. Click Save Configuration

Set Up Departments

Organize your users into departments for better management:
  1. Access Departments
     Navigate to Settings → Departments
  2. Create Department
     Click + Add Department and fill in:
       • Department Name: e.g., “IT”, “Finance”, “Operations”
       • Department Head: Assign a department leader
       • Description: Brief description of the department
  3. Save Department
     Click Create to save the department

Common departments to create:
  • Information Technology (IT)
  • Information Security
  • Compliance & Legal
  • Finance
  • Human Resources
  • Operations

Configure Notification Settings

Set up how your organization receives alerts and notifications:

Email Notifications

When to receive:
  • New high/critical risks identified
  • Risk status changes
  • Risk mitigation overdue

Configure:
  1. Go to Settings → Notifications
  2. Enable Risk Alerts
  3. Select severity levels: Critical, High, Medium, Low
  4. Choose recipients: All admins, Department heads, Custom list

Set Up Approval Workflows

Configure maker-checker workflows for critical actions:

Workflow Types

Single Approval

One approver required
Use for:
  • Low-risk changes
  • Standard operations

Dual Approval

Two approvers required
Use for:
  • High-risk changes
  • Critical asset modifications
  • Compliance updates

Configure Workflows

  1. Access Workflows
     Go to Settings → Approval Workflows
  2. Select Action Type
     Choose what requires approval:
       • User creation/deletion
       • Risk acceptance
       • Asset classification changes
       • Control implementation
  3. Define Approval Chain
     Set who can approve:
       • Department heads
       • Compliance officers
       • Security team
       • Custom roles
  4. Save Workflow
     Click Save to activate the workflow
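
What a maker-checker workflow has to enforce can be shown in a few lines. The following is an added example, not FigoRisk code: it models single and dual approval and rejects self-approval, approvers outside the chain, and one person approving twice. The class, the role names and the action identifier are hypothetical.

```python
from dataclasses import dataclass, field

# Approvals needed per workflow type, as described on this page.
REQUIRED_APPROVALS = {"single": 1, "dual": 2}


@dataclass
class ApprovalRequest:
    action: str               # hypothetical identifier, e.g. "risk_acceptance"
    maker: str                # user who requested the action
    workflow: str             # "single" or "dual"
    allowed_roles: frozenset  # roles in the approval chain (hypothetical names)
    approvals: dict = field(default_factory=dict)  # approver -> role

    def approve(self, user: str, role: str) -> None:
        # Maker-checker: the requester can never be one of the checkers.
        if user == self.maker:
            raise PermissionError("maker cannot approve own request")
        if role not in self.allowed_roles:
            raise PermissionError(f"role {role} is not in the approval chain")
        # Keyed by user, so a repeated approval by one person counts once.
        self.approvals[user] = role

    def is_approved(self) -> bool:
        return len(self.approvals) >= REQUIRED_APPROVALS[self.workflow]


def demo() -> dict:
    """Run a constructed dual-approval request and record each outcome."""
    req = ApprovalRequest(
        action="risk_acceptance", maker="alice", workflow="dual",
        allowed_roles=frozenset({"department_head", "compliance_officer"}),
    )
    out = {}
    for user, role in [("alice", "department_head"), ("bob", "intern")]:
        try:
            req.approve(user, role)
            out[user] = "accepted"
        except PermissionError as exc:
            out[user] = str(exc)
    req.approve("carol", "department_head")
    req.approve("carol", "department_head")  # duplicate, still one approval
    out["after_carol_twice"] = req.is_approved()
    req.approve("dave", "compliance_officer")
    out["after_dave"] = req.is_approved()
    return out


if __name__ == "__main__":
    print(demo())
```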

Integration Settings

SMTP Email Configuration

Required for sending notifications, alerts, and reports
  1. Access Email Settings
     Navigate to Settings → Integrations → Email
  2. Configure SMTP
     Enter your SMTP details:
       • SMTP Host: e.g., smtp.gmail.com
       • SMTP Port: Usually 587 (TLS) or 465 (SSL)
       • Username: Your email address
       • Password: Your email password or app password
       • From Name: “FigoRisk Notifications”
       • From Email: Your sender email
  3. Test Connection
     Click Send Test Email to verify configuration
  4. Save Configuration
     Click Save if test is successful

Using Gmail? You’ll need to create an App Password instead of using your regular password.

Cloud Storage (AWS S3)

Optional: For storing evidence documents, reports, and file uploads
  1. Access Storage Settings
     Navigate to Settings → Integrations → Storage
  2. Select Provider
     Choose AWS S3
  3. Enter Credentials
       • Access Key ID: Your AWS access key
       • Secret Access Key: Your AWS secret key
       • Region: Your S3 bucket region
       • Bucket Name: Your S3 bucket name
  4. Test Connection
     Click Test Connection to verify
  5. Save Configuration
     Click Save if connection is successful

Branding & Customization

  1. Navigate to Branding
     Go to Settings → Branding
  2. Upload Logo
     Click Upload Logo and select your image
     Requirements:
       • Format: PNG, JPG, or SVG
       • Max size: 2MB
       • Recommended: 200x60 pixels
  3. Preview
     See how your logo appears in the interface
  4. Save
     Click Save Changes

Color Scheme

Customize the platform colors to match your brand:
  1. Primary Color: Main brand color
  2. Secondary Color: Accent color
  3. Success Color: For positive actions
  4. Warning Color: For alerts
  5. Error Color: For critical issues

Security Settings

Password Policy

Configure password requirements for all users:
  • Minimum Length: 8-16 characters
  • Require Uppercase: A-Z
  • Require Lowercase: a-z
  • Require Numbers: 0-9
  • Require Special Characters: !@#$%

  • Expiry Period: 30, 60, or 90 days
  • Expiry Warning: 7 days before expiry
  • Password History: Prevent reuse of last 5 passwords

  • Failed Attempts: Lock after 5 failed attempts
  • Lockout Duration: 15 minutes
  • Admin Override: Allow admins to unlock accounts

Session Management

  • Session Timeout: Auto-logout after 30 minutes of inactivity
  • Concurrent Sessions: Allow/disallow multiple logins
  • IP Restrictions: Limit access to specific IP ranges (optional)

Data Retention Policy

Configure how long data is retained:

Data Type             Default Retention   Configurable
Audit Logs            1 year              Yes (1-7 years)
Risk Assessments      Indefinite          Yes
Compliance Evidence   3 years             Yes
User Activity         90 days             Yes
Reports               1 year              Yes

To configure:
  1. Go to Settings → Data Retention
  2. Adjust retention periods for each data type
  3. Click Save Policy
Ensure retention periods comply with your regulatory requirements

Initial Setup Checklist

Use this checklist to ensure your organization is properly configured:
  1. ✅ Organization Profile
       [ ] Updated organization name and details
       [ ] Set organization logo
       [ ] Configured branding colors
  2. ✅ Compliance Configuration
       [ ] Selected applicable frameworks
       [ ] Configured compliance reminders
  3. ✅ Departments
       [ ] Created all departments
       [ ] Assigned department heads
  4. ✅ Notifications
       [ ] Configured SMTP email
       [ ] Tested email delivery
       [ ] Set up alert rules
  5. ✅ Security Settings
       [ ] Set password policy
       [ ] Configured session timeout
       [ ] Set up approval workflows
  6. ✅ Integrations
       [ ] Configured AWS S3 (if needed)
       [ ] Tested all integrations
  7. ✅ Data Retention
       [ ] Set retention policies
       [ ] Verified compliance requirements


Need Help?

Contact Support

Our support team is here to help with your setup