Sign-up and login to the platform
Last updated: Mar 16, 2026
First-time sign-up
To sign up for the platform, go to app.fluidattacks.com/SignUp and follow the instructions (see “Sign up to Fluid Attacks ” for a description).
You can sign up only with a valid Google, Azure or Bitbucket corporate account and must provide a Git repository to test (if you choose to import repositories using Open Authorization , make sure you have enabled third-party application access, e.g., in Azure DevOps ).
All Essential plan features are free for 21 days. During the free trial or after it ends, you can subscribe to a paid plan .
User authentication
Fluid Attacks’ platform does not support the creation of users and credentials. Instead, for stronger security, it delegates authentication to your trusted providers: Microsoft, Google, and Atlassian. Any necessary permissions for authentication are therefore managed within your configuration settings with those providers.
To log in to Fluid Attacks’ platform, go to app.fluidattacks.com . There, you will be prompted to continue with your corporate account and then enter a one-time password (OTP). This allows Fluid Attacks to strengthen the security of the authentication process, as it helps prevent unauthorized access.
When entering the OTP, you can check the box available to indicate that you trust the device from which you intend to log in to the platform and do not wish to enter an OTP while accessing the platform with that device for the next 180 days.
Read “Manage your trusted devices ” to better understand this option and learn where to remove registered devices.
The OTP is sent to your email by default, but you can change where you want to receive it. Click on Try another way to see the WhatsApp and SMS options.
You must previously register your mobile phone number on the platform for these alternatives to work.
Grant permission to Fluid Attacks for authentication
As mentioned above, authentication to the Fluid Attacks platform is made possible by your corporate account provider. In some cases, the domain administrator must consent to it. Microsoft users may specially face this extra step. To learn how to grant this permission, read the official Microsoft page “Grant tenant-wide admin consent to an application ”.
Permissions
Microsoft users grant Fluid Attacks the User.Read permission . This permission
- allows users to sign in to the platform;
- allows the platform to read the profile of signed-in users, and
- allows the platform to read basic company information of signed-in users.