Login & Password

To log in to Contrast, you must accept an email invitation generated by your Administrator during onboarding. Once you accept this invitation, you're taken to Contrast to log in for the first time.

Change Password

To change your account password, complete the following steps:

  • Log in to the Contrast interface.
  • In the dropdown User menu in the upper right corner of the page, select Your Account.
  • Select the Change Password tab in the left navigation.
  • In the form fields, enter your current password and new password. Retype your new password in the next field to confirm it.

Note: Your new password must adhere to the Password Policy set by your Administrator. Contrast notifies you of the policy's requirements as you type in the New Password field.

You must use this password the next time that you log in to Contrast.

Note: Customers using Single Sign-On (SSO) don't have this option.

Two-Step Verification

If your administrator has enabled two-step verification, you can add an extra layer of protection beyond your username and password. Complete the following steps to enable the feature:

  • From the Your Account page, select the Two-Step Verification tab in the left navigation.
  • Use the toggle to enable two-step verification.
  • Use the radio buttons to select your preferred notification method. You can access verification codes through your Contrast-associated email address or the Google Authenticator mobile application, which is available on the following devices:
  • If you run into issues using either method, use the backup codes provided.

Verification codes

If you choose to receive your verification codes by email, Contrast sends you a verification code to enter on the following configuration screen.

If you select Google Authenticator, Contrast provides a QR code with further instructions. You can scan the QR code, enter the code manually or use the provided dropdown to select the device type. Use the Google Authenticator application to obtain a verification code and validate your device.

Before completing two-step verification setup, you can download a set of backup codes in the form of a .txt file, which allows you to log in if you encounter an error or get locked out of your account. You must download and save these codes in a secure location.

Reconfigure notification methods

If you want to change the way you receive verification codes, you can reconfigure notification settings in the Two-Step Verification tab. Once you change your selection, Contrast automatically issues a new set of backup codes. It's not necessary to save your changes.

Learn More

To learn more about Administrator settings, read the related article in Organization Settings. For some helpful tips on verification codes, go to the troubleshooting article.

Profile Settings

View your Contrast profile settings to verify or update the information that you provided when you created an account. Contrast also offers a few additional, optional fields that you can fill out to help other organization members learn more about you and also help Contrast tailor your experience in the application. To visit your Profile page, click on the caret beside your username, and select Your Account in the dropdown user menu.

General Information

In the General Information section, use the form fields to modify your basic account information, such as your name or time zone. Click on the thumbnail to upload a new profile image. (You can use an image of your own or choose one of the Contrast Cats.)


Go to the Your Keys section to view your Organization Keys, including your API key and Organization ID, and your Personal Keys, including your Service key. To rotate your service key, click the link provided. You can also click the button to Generate Sample API Request. To view examples of API requests, go to the Contrast API documentation.


Contrast offers guidance on new improvements in the latest release as you navigate the application. The What's New tab on your dashboard notifies you of new or updated features, while Quick Tips provide guidance for new functionality as you use a feature.

Note: You can also navigate to the latest Release News from the user menu.


How It Works

Notifications provide a mechanism for Contrast users to be alerted to specific situations, such as the discovery of a vulnerability or an attack on an application. Contrast offers several out-of-the-box notifications with settings that you can tailor as needed.

There are two primary channels available for notifications: Email and In Contrast.

  • In Contrast: Notifications are available directly in the Contrast application. View your notifications by clicking the bell icon in the top menu bar.
  • Email: Notifications are available if mail has been set up by your Organization Administrator.

Note: Organization Administrators can adjust notification settings for integrations in your organization. For more information, go to the Notifications management article.

Update Settings

To change your notification settings, log in to Contrast, and go to the User menu > Your Account > Notifications tab. Click in the Subscriptions field to choose the application(s) for which you want to receive notifications; the default selection is "All Applications". Use the toggles in the In Contrast and Email columns to enable or disable the following subscriptions.

  • Active Attack: There is an active attack on an application with Protect enabled.
  • New Vulnerability: Contrast has detected a new vulnerability. Click in the field to receive notifications for specific severity levels or "Library"; the default selection is "All".
  • Server Offline: Contrast can't reach a server.
  • New Comment: A team member commented on a finding.
  • New Asset: A new asset to which you have access has been onboarded. Click in the field to set this notification for "Application" or "Server"; the default selection is "All".
  • Email: A daily summary of Contrast activities. (Email row only)

Note: Click on the link at the top of the configuration form to Restore Defaults.

Your Permissions

The Permissions page provides a detailed view of the assigned permissions for both the organization and the applications to which you have access. To see your permissions, complete the following steps.

  • Log in to your account in the Contrast UI.
  • Select Your Account from the dropdown user menu beside your profile image.
  • Select the Permissions tab in the left navigation.

Your organization is listed at the top of the page along with your organization role. The Application Permissions grid communicates your role for each application within the organization. Click the help icon next to each role for details on the data access and actions made available by each level.

Custom Headers and Footers

Create a customized header and footer for the Contrast UI with your choice of color, text and more style options. This feature is available for users with Enterprise-on-Premises (EOP) instances of Contrast.

Header and Footer Styling

Complete the following steps to use HTML to customize the header, footer or both per server. The height of every header is set at 24 pixels. The height of every footer is set at 75 pixels.

  • Go to Contrast.Data.Dir/conf, and open the header.html file (to customize the header) or footer.html (to customize the footer).
  • Add HTML content to create your own header.
    • This file only supports inline styles (e.g., <... style="".../>) for the following attributes: "font-family", "background-color", "color", "font-size" and "text-decoration".
    • You can add the attribute align with the following values: "center", "left", "right" and "justify".

Example: <... style="font-size:20px;color:white" align="center">Your custom text here .../>
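A pre-deployment check for header.html or footer.html against the restrictions listed above. This is an added example, not Contrast's own code. The names `FragmentChecker` and `check_fragment` are hypothetical, the `<div>` tag in the samples is assumed because the page's example elides the tag name, and treating any attribute the page does not list as unsupported is also an assumption.

```python
from html.parser import HTMLParser

# Restrictions exactly as listed in the steps above.
ALLOWED_STYLE_PROPS = {"font-family", "background-color", "color",
                       "font-size", "text-decoration"}
ALLOWED_ALIGN = {"center", "left", "right", "justify"}


class FragmentChecker(HTMLParser):
    """Records every attribute, align value or style property not listed above."""

    def __init__(self):
        super().__init__()
        self.problems = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:
            value = (value or "").strip()
            if name == "style":
                self._check_style(tag, value, line)
            elif name == "align":
                if value.lower() not in ALLOWED_ALIGN:
                    self.problems.append(f"line {line}: <{tag}> align value {value!r}")
            else:
                # Assumption: an attribute the page does not list is unsupported.
                self.problems.append(f"line {line}: <{tag}> attribute {name!r}")

    def _check_style(self, tag, value, line):
        for decl in filter(str.strip, value.split(";")):
            prop, sep, _ = decl.partition(":")
            prop = prop.strip().lower()
            if not sep or prop not in ALLOWED_STYLE_PROPS:
                self.problems.append(f"line {line}: <{tag}> style property {prop!r}")


def check_fragment(html_text):
    """Return a list of findings; an empty list means the fragment passes."""
    checker = FragmentChecker()
    checker.feed(html_text)
    checker.close()
    return checker.problems


# Constructed samples; <div> is an assumed tag, the page's example elides it.
SAMPLE_OK = '<div style="font-size:20px;color:white" align="center">Your custom text here</div>'
SAMPLE_BAD = '<div style="font-size:20px; height:120px" align="middle" class="banner">Hi</div>'

if __name__ == "__main__":
    for finding in check_fragment(SAMPLE_BAD):
        print(finding)
```

Run it on the file contents before saving them to Contrast.Data.Dir/conf. The second sample is flagged for a `height` property, an `align` value outside the four listed, and a `class` attribute.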

Edit the header and footer

To edit the header and footer files, update the HTML in the files and Save your changes. To remove the header, comment out the HTML you added or leave the file empty.