Documentation
CerbiShield Docs
Everything you need to deploy, configure, and govern your logging infrastructure.
Getting Started
Getting Started with CerbiShield
Welcome to CerbiShield — the tenant-hosted log governance platform that enforces structured logging, prevents sensitive data leakage, and provides governance scoring across your applications.
Finding Your Dashboard URL
After deploying CerbiShield from the Azure Marketplace, your dashboard URL is available in the Azure portal.
- Open the Azure Portal.
- Navigate to Resource Groups and find your managed resource group (starts with
mrg-). - Open the CerbiShield Managed Application resource.
- In the left menu, click Parameters and Outputs.
- Find the dashboardUrl output — click it to open your dashboard.
- Bookmark this URL or share it with your team.
Tip:The
routerApiUrl output is also listed here — this is the API gateway used by client SDKs and integrations.Signing In with Microsoft Entra ID
CerbiShield uses Microsoft Entra ID (Azure AD) for authentication. All users sign in with their organizational credentials — no separate accounts needed.
- Open the dashboard URL in your browser.
- You will be redirected to the Microsoft sign-in page.
- Enter your organizational email and password.
- If prompted, consent to the CerbiShield application permissions.
- After sign-in, you land on the Overview page.
Troubleshooting Sign-In
| Problem | Solution |
|---|---|
| Application not found error | Ensure the App Registration is configured as multi-tenant. |
| You need admin approval | A tenant admin must consent via Enterprise Applications → grant admin consent. |
| Signed in but see Access Denied | You need a role assignment. See User Roles. |
| Session expired | Click Sign In when prompted. CerbiShield will attempt to refresh your token automatically. |
User Roles Overview
| Role | Purpose | Typical User |
|---|---|---|
| Admin | Full access. Manage rules, deployments, users, and settings. | Platform owner, security lead |
| Editor | Create and modify governance rules and profiles. | Governance analyst, compliance engineer |
| Viewer | Read-only access to dashboards, reports, and rule definitions. | Developer, stakeholder, auditor |
| Auditor | Access to audit logs, compliance reports, and governance history. | Compliance officer, external auditor |
| Operator | Monitor platform health and deployment status. | DevOps engineer, SRE |
Important:Users who are not assigned any role will default to Viewer (read-only access). They will never receive admin privileges by default.