Help Center › Cloud sign-in & entitlements
Everything in Perimeter works offline with no account. Signing in is purely additive: it unlocks continuous hosted scanning, the MSP console, evidence publishing, and scheduling. If the cloud module ever fails to load, the app stays fully local-first.
One account, the whole suite. Perimeter uses the shared DosanjhLabs identity (Keystone). Your tenant is derived server-side from your verified session — the client never sends a tenant id, so you can’t act on a tenant you’re not signed into.
Pro features are gated by entitlement. Each card shows Pro · unlocked or Locked based on your plan.
| Entitlement | What it unlocks |
|---|---|
| hosted_scan — Continuous hosted ASM | Scheduled external scans on the hosted runner with drift alerts; enables “Sync remediation state up” and “Schedule daily EPSS/KEV refresh.” |
| msp — MSP multi-client console | Run ASM + internal scans across many client workspaces under one login. |
| compliance_packs — Compliance report packs | PCI 11.3 / HIPAA / SOC 2 styled evidence reports. |
If a Pro action shows a “…is a Pro feature” message, your account doesn’t have that entitlement yet. Plans and upgrades live on the pricing page / the DosanjhLabs hub.
With Continuous hosted ASM unlocked, click Sync remediation state up to push your workflow fields only — each finding’s dedup_key, status, owner, and suppression reason/expiry — to the per-tenant cloud store. This is how your triage follows your team across browsers and devices.
What does NOT sync: raw scan evidence strings, internal hostnames, ports, and secret fragments stay in your browser. Only workflow metadata leaves.
Click Publish attack-surface evidence to emit a canonical vuln_scan_summary evidence object to the DosanjhLabs evidence graph. It contains only de-identified posture:
| Published | NOT published |
|---|---|
| open / KEV / critical / high / overdue-SLA / fixed counts | raw evidence excerpts |
| scan recency (a date) | hostnames, IPs, URLs |
| control references (framework + control id) from open findings | ports, banners, secret fragments |
Sightline consumes it to map your posture across 22+ frameworks; Bastion turns open KEV findings into POA&M items. The full canonical-object shape is documented in Compliance evidence.
With Continuous hosted ASM unlocked, click Schedule daily EPSS/KEV refresh to register the perimeter.feed_refresh job on the shared scheduled runner. It’s idempotent — already-scheduled tenants get “Daily EPSS/KEV refresh is already scheduled.” Full details in Feeds & scheduling.
Click Sign out to end the session. The app immediately returns to local-first mode with no network calls. Your local workflow edits (in localStorage) remain on this browser regardless of sign-in state.
Next: Security & privacy explains exactly what crosses the network and what never does, or troubleshoot sign-in in the FAQ.