BLACKSHIELD

Public Guide

What BlackShield Secures for You and What Your Team Owns

BlackShield owns the product controls in the platform; your team owns the way you configure identities, keys, scan scope, and operational approvals inside your workspace.

Audience: Security architects, compliance owners, procurement reviewers, and platform administrators.

Typical setup time: 10 minutes.

Before You Begin

  • List the controls your team expects BlackShield to operate on your behalf.
  • List the controls your team must still own after deployment.
  • Have `/identity`, `/api-keys`, and `/audit` available during the review.

Step-by-step

Step 1

BlackShield-managed controls

These are controls the product and service operate for every customer.

  • BlackShield enforces authenticated access and role permissions on administrative APIs and dashboard surfaces.
  • BlackShield rate-limits sensitive flows such as login, identity writes, API key writes, and tenant deletion.
  • BlackShield records audit queries and audit exports so evidence access is itself traceable.

Step 2

Customer-managed controls

These are the areas where your team still needs to make good decisions after purchase.

  • Use `/identity` to configure the approved IdP, group mappings, and SCIM behavior for your users.
  • Use `/api-keys` to rotate, revoke, and review keys used by scanners and automations.
  • Keep integrations and scan targets limited to repositories, images, cloud accounts, and environments your team has approved.

Step 3

How to run the split in practice

A useful shared-responsibility page should tell the customer where to go in BlackShield, not just tell them to “review responsibilities.”

  • Use `/audit` to verify who changed identity settings, exported evidence, or ran other sensitive actions.
  • Use `/tenant-rights` when the conversation turns to deletion authority, workspace ownership, or exit controls.
  • Use the same BlackShield screens in renewal and audit reviews that you used during initial due diligence.

Success Checks

  • Security and operations teams can point to the BlackShield screen where each shared-control question gets answered.
  • Any shared-control gaps have owners, due dates, and follow-up tracking.