Manage Mondoo - Overview

Once you've got Mondoo connected to your infrastructure, you'll want to manage who can use it, how it talks to your team, and how your spaces and organizations are configured. The pages in this section cover those administrative tasks.

Access and identity

• Manage access to Mondoo: control team member permissions, configure single sign-on with Okta or Microsoft Entra ID, and grant services, scripts, and apps access through service accounts, API tokens, and workload identity federation.

Alerting

• Manage alerts: configure Mondoo to notify your team when asset security scores change. Works with Slack, Microsoft Teams, Telegram, and custom webhooks.

User settings

• Manage your user settings: customize display preferences, email notifications, and login methods for your own Mondoo account.

Space and organization configuration

• Define your SLA: set service-level agreement targets for remediating findings by risk score, and track your team's mean time to remediate against those commitments.
• Remove obsolete assets: automatically clean up assets that haven't reported scan results or terminated EC2 instances.

Monitoring and auditing

• View audit logs: track administrative events like access changes and service account creation.

Reference

• Remove a space or organization: delete unused spaces or organizations, or remove all assets from a space while preserving its configuration.
• Service IP addresses: firewall allow-list entries for installation, updates, and the Mondoo API.
• Releases and versions: Mondoo's semantic versioning policy and the cnspec N-1 support cycle.

Related

• Track and Fix Findings
• Run Reports