Settings
The Settings page centralizes your organization's configuration across seven tabs. Access it from Administration → Settings in the sidebar.
General
Organization
| Field | Description |
|---|---|
| Company Name | Your organization's display name |
| Industry | Industry classification (e.g., Healthcare Technology) |
| Website | Organization website URL |
| Address | Business address |
| Primary Contact Email | Main contact email for the organization |
Branding
| Field | Description |
|---|---|
| Logo | Organization logo (PNG, JPG, or SVG; max 2 MB) |
| Primary Color | Brand color with hex input and color picker |
Click Reset to Default to revert branding to the platform defaults.
Compliance
The Compliance tab has two sub-tabs:
Frameworks
Toggle which compliance frameworks are active for your organization. Available frameworks include SOC 2, ISO 27001, ISO 42001, PCI DSS, HIPAA, and others from the platform library.
Enabling a framework auto-enrolls the associated controls, evidence requests, and recurring activities from the Master Framework Library.
Products
Manage products and scopes for per-product compliance tracking. Each product can be mapped to specific frameworks, allowing independent status and evidence per product.
Notifications
Configure organization-wide notification preferences:
- Digest emails — Enable/disable, set frequency (daily/weekly), preferred day and time, timezone
- Email notifications — Toggle per event type: task assigned, task overdue, task due soon, mentions, comment replies, control status changes, assessment assignments, report reviews, security alerts, support ticket updates
- In-app notifications — Same toggles as email, controlling the in-platform notification bell
Integrations
Browse and configure integrations from the platform catalog. Integrations are grouped by category:
| Category | Examples |
|---|---|
| Cloud | AWS (GuardDuty, IAM, Infrastructure) |
| Identity | Google Workspace, Microsoft 365 (Entra ID) |
| Security | Endpoint management (SimpleMDM, Intune, Jamf Pro) |
| Notifications | Slack, Microsoft Teams |
| Ticketing | Jira, Motion |
Each integration card shows connection status and provides configure/manage actions. Some integrations support multiple connections (e.g., multiple AWS accounts).
See Integrations for detailed setup guides.
AI
Configure AI features for your organization:
AI Feature Categories
| Category | Description |
|---|---|
| Orchestrator | Core AI orchestration capabilities |
| Auto Suggest | Automatic suggestions for field values and mappings |
| Analysis | AI-powered analysis (risk, evidence, vendor review) |
| Generation | Content generation (reports, policies, remediation plans) |
Per-Feature Controls
Each AI feature can be individually:
- Enabled/disabled — Toggle the feature on or off
- Model selection — Override the default model for this feature
- Cost estimation — View estimated cost per invocation
Access Level
Control who can use AI features:
- Operators only — Only Concerto staff can use AI
- All users — All tenant users can use AI features
See AI Configuration for detailed settings.
SSO
Configure Single Sign-On for your organization:
Supported Providers
| Provider | Description |
|---|---|
| Google Workspace | Google OAuth/OIDC integration |
| Microsoft Entra ID | Microsoft 365 SSO with tenant ID and client credentials |
| Custom SAML/OIDC | Standard SAML 2.0 or OIDC configuration |
SSO Settings
| Setting | Description |
|---|---|
| SSO Enforcement | Whether SSO is required or optional |
| JIT Provisioning | Automatically create user accounts on first SSO login |
| Default JIT Role | Role assigned to auto-provisioned users |
| Max Session | Maximum session duration in minutes |
| Idle Timeout | Session timeout after inactivity |
| MFA Policy | Multi-factor authentication requirements |
| MFA Grace Period | Days before MFA enforcement takes effect |
Import / Export
Bulk import data into your organization from CSV files.
Supported Entity Types
| Entity | Description |
|---|---|
| Vendors | Vendor inventory records |
| Risks | Risk register entries |
| Recurring Controls | Recurring activity definitions |
| Policies | Policy and procedure records |
| BIA | Business impact assessment entries |
| Key Contacts | Organizational key contacts |
| Vulnerabilities | Vulnerability records |
| Projects | Project/initiative records |
Import Workflow
1. Select entity type — Choose what to import
2. Upload CSV — Upload your data file
3. Map fields — Match CSV columns to platform fields
4. Set duplicate strategy — Skip, update, or create duplicates
5. Preview — Review mapped data before importing
6. Execute — Run the import with progress tracking
Export history is available for previously completed imports.
Support Access
Available for self-service and audit firm tenants. Grant temporary access to the Concerto support team for troubleshooting assistance.
| Duration | Description |
|---|---|
| 24 hours | Short-term support session |
| 7 days | Extended troubleshooting |
| 30 days | Longer engagement |
| Indefinite | Until manually revoked |
All grants and revocations are recorded in an audit log accessible from this tab.
Audit Log
Access it from Administration → Audit Log. View a chronological record of all changes made within your organization:
| Field | Description |
|---|---|
| Who | User who made the change |
| What | Record type and ID that was changed |
| When | Timestamp of the change |
| Changes | Previous and new field values |
Use the audit log for compliance evidence, incident investigation, or tracking configuration changes.