Version 1.0 – March 9, 2026
NOTE: This guide is specific to NucleusGov deployments only. The Secure Configuration Guide for standard commercial deployments is coming soon.
NucleusGov requires that organizations authenticate to their environment through their Single Sign-On (SSO) provider. This ensures that password complexity and authentication methods (MFA, PIV, etc.) are enforced by your organization's IdP rather than by NucleusGov, and it removes much of the uncertainty from user management.
Ensure SSO is set on each organization and that SAML token encryption is used.
WARNING: Disabling a user in your IdP prevents them from logging in to NucleusGov through SSO, but it does not disable their existing NucleusGov account or their API key, which can still be used without an SSO login. Include account deactivation and API key revocation in your manual offboarding checklist, or set up an automated task using our API.
Take advantage of groups in AzureAD or Okta for automatic user assignment.
Scope users and groups to the minimum permissions they need.
Ensure each Org is set to deactivate users who are inactive for 90 days and to log users out after 15 minutes of session inactivity.
Org, Project, Team, and User settings can be viewed and reported on via the Nucleus API.
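The two checks a practitioner would want to automate from this guide are the offboarding gap described in the WARNING above (an IdP-disabled user whose NucleusGov account or API key is still live) and the per-Org settings baseline (SSO with SAML encryption, 90-day inactivity deactivation, 15-minute session timeout). The script below is an added example and is not Nucleus's own code; it keeps the reconciliation logic separate from any HTTP calls so that it runs offline. The field names (`status`, `active`, `api_keys`, `sso_enabled`, `saml_encryption`, `inactivity_days`, `session_timeout_min`) and the sample records are constructed assumptions, not the real Nucleus or IdP API schema; substitute the fields returned by your IdP export and the Nucleus API when you wire it up.

```python
"""
Added example, not part of the NucleusGov guide or the Nucleus API.
Reconciles IdP-disabled users against Nucleus accounts and audits Org
settings against the guide's baseline. All field names and sample records
below are constructed assumptions for illustration.
"""

# Baseline values from the guide.
BASELINE_INACTIVITY_DAYS = 90
BASELINE_SESSION_TIMEOUT_MIN = 15

# Constructed sample of an IdP user export (shape is an assumption).
IDP_USERS = [
    {"email": "alice@example.gov", "status": "ACTIVE"},
    {"email": "bob@example.gov", "status": "DEPROVISIONED"},
    {"email": "carol@example.gov", "status": "SUSPENDED"},
]

# Constructed sample of a Nucleus user listing (field names are assumptions).
NUCLEUS_USERS = [
    {"email": "alice@example.gov", "active": True, "api_keys": 1},
    {"email": "bob@example.gov", "active": True, "api_keys": 2},   # disabled in IdP, still live here
    {"email": "carol@example.gov", "active": False, "api_keys": 0},  # already offboarded
    {"email": "dave@example.gov", "active": True, "api_keys": 0},   # no IdP record at all
]

# Constructed sample of Org settings (field names are assumptions).
NUCLEUS_ORGS = [
    {"name": "Org A", "sso_enabled": True, "saml_encryption": True,
     "inactivity_days": 90, "session_timeout_min": 15},
    {"name": "Org B", "sso_enabled": True, "saml_encryption": False,
     "inactivity_days": 180, "session_timeout_min": 15},
]


def orphaned_accounts(idp_users, nucleus_users):
    """Return Nucleus accounts that are still active or still hold API keys
    even though the user is disabled in, or absent from, the IdP.
    These are exactly the accounts the WARNING says SSO alone will not close."""
    enabled = {u["email"].lower() for u in idp_users if u["status"] == "ACTIVE"}
    known = {u["email"].lower() for u in idp_users}
    findings = []
    for u in nucleus_users:
        email = u["email"].lower()
        if email in enabled:
            continue  # user is live in the IdP; nothing to do
        if not (u["active"] or u["api_keys"] > 0):
            continue  # already fully offboarded in Nucleus
        findings.append({
            "email": email,
            "active": u["active"],
            "api_keys": u["api_keys"],
            "reason": "disabled in IdP" if email in known else "not present in IdP",
        })
    return findings


def org_findings(orgs):
    """Return each Org whose settings fall short of the guide's baseline,
    with a list of the specific deviations."""
    findings = []
    for org in orgs:
        problems = []
        if not org["sso_enabled"]:
            problems.append("SSO not enforced")
        if not org["saml_encryption"]:
            problems.append("SAML token encryption disabled")
        days = org["inactivity_days"]
        if days is None or days > BASELINE_INACTIVITY_DAYS:
            problems.append(f"inactive-user deactivation is {days} days "
                            f"(baseline {BASELINE_INACTIVITY_DAYS})")
        mins = org["session_timeout_min"]
        if mins is None or mins > BASELINE_SESSION_TIMEOUT_MIN:
            problems.append(f"session timeout is {mins} minutes "
                            f"(baseline {BASELINE_SESSION_TIMEOUT_MIN})")
        if problems:
            findings.append({"org": org["name"], "problems": problems})
    return findings


if __name__ == "__main__":
    # In a scheduled job, replace the constructed lists with the records
    # returned by your IdP and the Nucleus API, then act on the findings
    # (deactivate the account, revoke the key) or raise a ticket.
    for f in orphaned_accounts(IDP_USERS, NUCLEUS_USERS):
        print(f"OFFBOARDING GAP: {f['email']} active={f['active']} "
              f"api_keys={f['api_keys']} ({f['reason']})")
    for f in org_findings(NUCLEUS_ORGS):
        print(f"ORG {f['org']}: " + "; ".join(f["problems"]))
```

Note that an account with an API key counts as a finding even when it is marked inactive; the guide warns that the key is not disabled by the IdP change, so revocation is checked independently of login state. Users present in Nucleus but absent from the IdP are reported as well, since they can never be caught by an IdP-driven disable.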