Short, practical guides to every part of the product — what each feature does and how to get value from it.
Your compliance posture at a glance — scores, trends, and the issues that need attention.
Connect your identity providers, cloud platforms, and SaaS apps so ComplianceScout can evaluate them.
Configure enterprise SSO and manage who on your team can sign in and with what role.
Explore who has access to what, find separation-of-duties conflicts, and run access certifications.
Inventory and certify service accounts, API keys, bots, and application identities.
Search, filter, and export every identity discovered across your connected sources.
Review security groups, distribution lists, and teams synced from your IdPs.
Device inventory, certificate health, and per-device compliance checks.
Define separation-of-duties rules that flag conflicting role assignments.
Inventory the OAuth app grants your users have approved, and revoke risky ones.
Track credential exposure and rotation risk across OAuth clients, keys, and tokens.
Enroll and manage your own MFA factors — authenticator app, passkeys, and email OTP.
Issue and revoke long-lived tenant tokens for SCIM provisioning and agent access.
One feed for compliance violations, real-time alerts, and behavioral anomalies.
Work findings and run threat hunts across your connected environment.
Run adversary simulations against your tenant and review what your detectors caught.
A tamper-evident audit log of administrative and security events, with chain verification.
Tamper-evident view of events ingested from your connectors, verifiable per sync run.
See login events grouped by country and highlight sign-ins from outside your home country.
Surface sign-ins from countries each identity hasn't used before.
See how your environment scores against each compliance framework, per connected source.
Track remediation plans (POAMs), generate System Security Plans, and run audit assessments.
Manage audit projects and a tamper-evident, hash-chained evidence ledger.
An AI-driven identity risk score for every identity, with the factors behind it.
Generate scheduled and on-demand compliance, executive, and technical reports.
Pre-adjudicate NIST 800-53 control implementations against your connected evidence.
Rehearse a FedRAMP or agency-ATO assessment and generate practice OSCAL artifacts.
Push OSCAL artifacts (SSP, SAP, SAR, POA&M) to eMASS, RegScale, or an agency portal.
Manage third-party vendors and run compliance attestation campaigns.
Gate third-party OSINT sources and manage per-source acknowledgments for federal deployments.
Invite users, set roles, and manage MFA status and access across your tenant.
Control whether ComplianceScout's own posture counts toward your compliance scores.
Restrict ComplianceScout access to specific IP ranges (CIDR blocks).
Block ComplianceScout access from selected countries at the edge.
Declare the public domains and IP ranges that external reconnaissance should scope against.
Step-by-step setup guides for every integration live in the main docs index.