Two categories of test users
Role coverage: test every permission level
Add at least one user per role in your system. Mjolnir uses these to check for privilege escalation, testing whether a lower-privileged user can access resources or perform actions they shouldn’t. Suggested roles to cover: Admin, Manager, Viewer Your application may use different role names. Use whatever matches your actual permission model.Tenant isolation: test cross-tenant data leaks
Add users from at least two separate tenants. Mjolnir uses these to verify that one tenant’s data cannot be accessed by another. Minimum: 2 users from different tenants.Adding a test user
Click + Add User to open the add user modal. Fields:- Name: a label for your reference, e.g. “Admin user, Tenant A”
- Role: e.g. Admin, Viewer, Tenant B Manager
- Auth method: how this user logs in (see below)
- Authentication instructions: credentials or login steps for this specific auth method
Supported auth methods
Select the login method that matches how this user authenticates:OAuth via Google Workspace
Microsoft
OAuth via Microsoft / Entra ID
Username & Password
Standard credentials
Username & Password + MFA
Credentials with TOTP/authenticator
Username & Password + Email Verification
Credentials with email code
Username & Password + SMS Verification
Credentials with SMS code
API Key
Direct API key authentication
OAuth Client Credentials
Machine-to-machine OAuth
OAuth Password Grant
OAuth with username & password
Magic Link via Email
Passwordless email login
Other
Custom or multi-step login flows
Next: Code & Documentation
Select the repositories and files Mjolnir should analyse