Admin Quickstart
Plan for approximately 30 minutes to complete all steps.
Radiant is up and running - now it's time to configure it for your team. This guide walks you through the essential setup steps every administrator should complete before your analysts begin investigating alerts. Follow these steps in order to ensure your environment is fully operational from day one.
Important: Radiant requires an AWS S3 bucket to store ingested logs. If you have not yet configured your bucket, complete Bring Your Own Bucket before continuing. Your environment will not be operational until that setup is in place.
Before you begin
Make sure you have the following before starting setup:
Administrator access to your Radiant tenant
A configured AWS S3 bucket. See Bring Your Own Bucket if you have not completed this yet
SSO provider credentials if you are configuring Okta, Microsoft Entra, or Google as your identity provider
A list of analysts you need to add to the platform
Step 1: Configure SSO and MFA
Set up your identity provider and enforce multi-factor authentication to the platform. For detailed configuration instructions, see Set Up Single Sign-On (SSO).
Note: Configure SSO before inviting users. Accounts created before SSO is enabled may require migration.
Step 2: Add users
With SSO and MFA in place, invite your analysts to Radiant.
Navigate to Settings > Organization > Users.
Click + Add user.
Enter the user's name and email address.
Click Send invite.
Radiant sends the user an email invitation. The invitation link expires after 24 hours. Repeat for each user you need to add. If a user does not receive the invitation email, ask them to check their spam folder.
Note: Role-based access control (RBAC) is not yet available. All users currently receive full administrator access regardless of their role in your organization.
Step 3: Connect notification channels
Connect Radiant to your organization's communication platforms so your analysts can receive notifications. Email is available to all users by default. To enable Slack or Microsoft Teams, integrate those platforms using the dedicated setup guides below.
Navigate to Settings > Credentials in the left navigation panel.
Select Slack or Microsoft Teams.
Follow the setup instructions for your chosen platform:
Note: Once a platform is integrated, each user controls their own notification preferences from their account settings.
Step 4: Connect your first data source
With storage, access, and notifications configured, Radiant is ready to receive data. Connect your primary alert source - typically your IAM or EDR - to begin triaging alerts.
Navigate to Connector Library in the left navigation panel.
Select your data source and follow the connector-specific setup instructions.
Verify data is flowing into Radiant. To do this:
Navigate to Log Management in the left navigation panel.
Run a
*query and confirm your data is returned and correctly parsed in the Parsed Events index.
Important: Radiant cannot triage alerts until at least one data connector is active and the ingestion test succeeds.
For a full list of supported connectors and setup instructions, see the Connector Library.
Next steps
Your Radiant environment is configured and ready. Share the User Quickstart with your SOC team so they can start triaging alerts.
Related articles
Last updated
Was this helpful?