1.6 updates

Author: summitt

…Integrate Faction into OIDC Solutions.md …Integrate Faction into OIDC Solutions.mddocs/Integrate Faction into OIDC Solutions.md renamed to docs/Authentication/Integrate Faction into OIDC Solutions.md docs/Integrate Faction into OIDC Solutions.md renamed to docs/Authentication/Integrate Faction into OIDC Solutions.md

@@ -87,4 +87,11 @@ Your Setup should look like the following:
 
 ![](files/Pasted%20image%2020231218082756.png)
 
-When the new user reaches the Login Screen they can enter just their username without a password and click **Login**. Faction will redirect the user to the configured Authentication Provider and redirect back.
+When the new user reaches the Login Screen they can enter just their username without a password and click **Login**. Faction will redirect the user to the configured Authentication Provider and redirect back.
+
+## Custom SignOn URLS
+You can bypass the username and password form by bookmarking the below URL. This ensures you don't need to enter a Username just to be redirected to your SSO portal where the user needs to enter their Username again. The below URL will redirect directly to your configured SSO portal for ODIC.
+
+```
+https://YOURHOST/sso/oauth
+```

docs/Authentication/SAML MS Entra ID Configuration.md

@@ -0,0 +1,59 @@
+---
+tags: [Authentication, Core Features]
+date: 2025-05-28
+---
+## Overview
+This tutorial will walk you through the steps required to set up Faction with your Microsoft Entra ID Single Sign On using SAML
+
+## Configuring Entra ID in Azure
+
+1. Open the Azure Console and navigate to "Entra Id"
+   ![](/files/Pasted%20image%2020250528231939.png)
+2. Navigate to Enterprise Applications:
+3. Click "New Application"
+4. Click "Create your own application."
+5. Enter a name (i.e Faction SAML) and select "Integrate any other application you don't find in the gallery (Non-gallery)" radio button.
+6. Click Manage->"Single Sign On", then select SAML
+   ![](/files/Pasted%20image%2020250528232758.png)
+7. Click 'Edit' under "Basic SAML Configuration"
+8. Under Identifier (Entity ID) enter the following URLs:
+   - `https://yourfactionurl.com/saml2/callback?client_name=SAMLClient`
+   - `https://yourfactionurl.com/saml2/callback`
+1. Under "Reply URL (Assertion Consumer Service URL)"  add the following reply url:
+   - `https://yourfactionurl.com/saml2/callback?client_name=SAMLClient`
+   - `https://yourfactionurl.com/saml2/callback`
+1. If your config looks like the image below, then click 'Save'
+    ![](/files/Pasted%20image%2020250529222514.png)
+2. Now navigate to "Single Sign On" and copy the "App Federation Metadata Url". This will be used in the next section.
+    ![](/files/Pasted%20image%2020250529083833.png)
+
+## Finish Configuration in FACTION
+With the Federation URL copied, you are now ready to finish the configuration on the  Faction side. 
+1. Log in to Faction as an admin
+2. Navigate to Administration->Users
+3. Scroll to the bottom and enter the URL we copied from step 11 above into "App Federation Metadata Url" input box.
+4. Click Save
+
+## Configure a User for SAML Authentication
+1. Log in to Faction as admin
+2. Navigate to Administration->Users
+3. Click Add User
+4. Set the following parameters:
+   - Set username to the first part of the email address. 
+   - Enter the first and last name of the user
+   - Leave the password blank
+   - Set the email address. It MUST match the email address of the user managed in Entra ID
+   - Set the "Authentication Method" to SAML2
+     ![](/files/Pasted%20image%2020250529222945.png)
+1. Click Save
+   
+## Login with SAML
+SAML users only need to enter their username and submit login. Faction will automatically redirect the user to SSO login form.
+
+## Custom SignOn URLS
+You can bypass the username and password form by bookmarking the below URL. This ensures you don't need to enter a Username just to be redirected to your SSO portal where the user needs to enter their Username again. The below URL will redirect directly to your configured SSO portal for SAML.
+
+```
+https://YOURHOST/sso/saml
+```
+

docs/Faction App Store Extensions.md

@@ -5,13 +5,20 @@ weight: 1
 ---
 
 
-Below is a List of Approved Faction Extensions. These all work with Faction 1.2+
+List of Approved Faction Apps
 
 | Name | Developer | URL |
 | --- | --- | --- |
-| Faction Jira Integration | Faction Security | [https://github.com/factionsecurity/Faction-Jira-Extension](https://github.com/factionsecurity/Faction-Jira-Extension) |
-| Faction Vulnerability Bar Chart | Faction Security | [https://github.com/factionsecurity/Faction-Vulnerability-Bar-Chart](https://github.com/factionsecurity/Faction-Vulnerability-Bar-Chart) |
+| Faction Jira Integration | Faction Security | https://github.com/factionsecurity/Faction-Jira-Extension |
+| Faction Vulnerability Bar Chart | Faction Security | https://github.com/factionsecurity/Faction-Vulnerability-Bar-Chart |
+| Faction Checklist Reporting | Faction Security | https://github.com/factionsecurity/checklist-report-extension/releases |
+
+
+## Info on Building a Faction Extension
+- [App Store Extension API](https://docs.factionsecurity.com/APIS/App%20Store%20Extension%20API)
+- [JIRA Example](https://docs.factionsecurity.com/APIS/JIRA%20App%20Integration%20Example)
+
+## Submit an Extension
+Send an email to develop [ at ] factionsecurity [dot] com with a link to to your github and a brief explanation of what it does. 
 
 
-# Submit an Extension
-Send an email to develop [ at ] factionsecurity [dot] com with a link to your github and a brief explanation of what it does. 

docs/Managed FACTION Setup.md docs/Hosting/Managed FACTION Setup.mddocs/Managed FACTION Setup.md renamed to docs/Hosting/Managed FACTION Setup.md

@@ -0,0 +1,61 @@
+---
+tags: [Reporting, Customize, Variables, Checklists, Assessments, Extensions, App Store]
+date: 2025-07-08
+---
+
+### Overview 
+When conducting frequent penetration tests, having assessment-specific checklists that all assessors follow and document is critical for ensuring consistency, thoroughness, and accountability. These checklists act as structured guides that standardize testing procedures, helping teams avoid oversights and maintain coverage across all critical areas of an environment. Without them, even experienced assessors may miss essential steps due to time constraints, complexity, or assumptions about low-risk areas. A well-maintained checklist also ensures that repeatable methodologies are applied across engagements, making results more reliable and easier to compare over time.
+
+Additionally, documented checklists provide transparency for clients and stakeholders by showing exactly what was tested and how. This supports compliance requirements, helps justify findings, and allows for more meaningful remediation planning. In team environments, it also facilitates knowledge sharing, onboarding of new assessors, and quality assurance reviews. Ultimately, standardized checklists are a foundational practice for delivering high-quality, trustworthy, and defensible penetration testing services.
+
+ Faction includes built-in support for Checklists in both the Open Source and Enterprise versions. You can create and manage as many checklists as needed—such as OWASP Top 10, Mobile Assessment Checks, or Network Assessment Tests. Once added, these checklists can be enforced as part of your assessments and even integrated into Peer Reviews. This provides an excellent way to ensure that assessments remain consistent, thorough, and aligned with best practices.
+
+## Adding a Checklist 
+In this example we will an OWASP Top 10 Checklist.
+
+1. Navigate to Admin->Checklists
+2. Click **Create new checklist**
+3. Start adding items to the checklist. 
+4. Ensure you check the Assessment Type at the bottom under **Required For**. This ensures checklists are assessment specific. 
+![](/files/Pasted%20image%2020250708014034.png)
+
+## Filling Out Checklists in Assessments
+There is a **Checklists** tab in *Assessments*. The assessor will need to add checklists that are required for this assessment type. ***The assessment cannot be finalized until all checklist items are validated. ***
+![](/files/Pasted%20image%2020250708014420.png)
+
+## Adding Checklists to Reports (Optional)
+In addition to making it a sanity check for your assessments you can choose to add certain checklist to your generated reports using one of our App Store Extensions. 
+
+### Enable the CheckList Extension
+Follow these steps to add a checklist to your assessment. 
+
+1. Download the [CheckList Extension here](https://github.com/factionsecurity/checklist-report-extension/releases)
+2. Navigate to Admin->AppStore
+3. Click **Install Extension** from the upper right
+4. Upload faction-report-checklist-X.X.jar
+5. Click Install
+6. Back on the Installed Extensions table switch the extension to **On**
+	![](/files/Pasted%20image%2020250708012904.png)
+
+### Update The Report Template
+Checklists can be added anywhere to your report using variable names. The variable name is based on the title of your checklist. For instance if you created a checklist named ***OWASP TOP 10***, then the variable name will be `${checklist-owasp-top-10}`.
+
+![](/files/Pasted%20image%2020250708015655.png)
+
+Once the report template is updated, the report can be generated from the **Finalize** tab in the assessment. The default result will look like the following:
+
+![](/files/Pasted%20image%2020250708015518.png)
+
+### Customizing the CheckList Extension Output
+The Checklist Extension has several configureable options. You can change text thats printed on Pass, Fail, or N/A status. You can also change the background and foreground colors. 
+
+To configure the extension, navigate to Admin->App Store and select the Checklist Extension. There are options at the bottom of the screen. 
+
+![](/files/Pasted%20image%2020250708020140.png)
+
+
+
+
+
+
+

docs/Self-Hosted FACTION Setup.md docs/Hosting/Self-Hosted FACTION Setup.mddocs/Self-Hosted FACTION Setup.md renamed to docs/Hosting/Self-Hosted FACTION Setup.md

@@ -1,5 +1,5 @@
 ---
-tags: [Reporting, Customize]
+tags: [Reporting, Customize, Variables]
 date: 2024-02-12
 ---
 

docs/Reporting/Assessment Checklists.md

@@ -0,0 +1,92 @@
+---
+tags: [ Reporting, Enterprise, Paid Feature, Managed, Variables]
+date: 2025-07-07
+---
+!!! note
+	This is an Enterprise Only Feature
+	
+In the open source version, rich text support is limited to two predefined sections: **Executive Summary** and **Risk Assessment**. The Enterprise edition introduces **Rich Text Custom Variables**, allowing you to define additional rich text sections within your reports. This gives you significantly more flexibility and control over report structure and presentation, beyond the default sections.
+
+The following tutorial shows you how to add these to your reports. 
+
+### Create the Custom Variable
+1. Navigate to Admin->Settings
+2. Enter a title into the **Field Name Display**
+3. Enter a variable name ***WITHOUT SPACES***
+4. Select **RichText** from the **DataType**
+5. Choose where this field is applicable (Assessment or Vulnerability)
+
+In this Example we will create a custom Scoping Field that we can add anywhere in the report. 
+![](/files/Pasted%20image%2020250707235330.png)
+
+### (Optional) Create Boiler Plate text 
+You can create a default text to be easily recalled into any of these custom variables. In this example we will continue with adding a template for Scope:
+
+1. Navigate to Templates->Assessment Templates
+   ![](/files/Pasted%20image%2020250707235828.png)
+2. Select the newly created Template and any custom text:
+   ```
+   The scope included the ${asmtName}  site’s test environment with the most current version at the time of testing. The testing started ${asmtStart} and ended on ${asmtEnd}. The testing was performed against this site in order to cause minimal disruptions to the production site.
+   
+	| @cols=2:Assessment Scope |
+	| ------------ | --------- |
+	| **QA Main URL** |        |
+	| **Subdomains In Scope**| |
+
+   ```
+![](/files/Pasted%20image%2020250708001457.png)  
+   3. Save the Template
+
+### Update the Report Template
+1. Take the your report template and add a new section. In this example we will add a Scope Section.
+2. Enter the variable name `${cfAssessmentScope}`. This variable is text entered in Step3 above and prepended with `cf` for Custom Field.
+	![](/files/Pasted%20image%2020250708001840.png)
+3. Upload your report Template ( Templates->Report Designer )
+
+### Editing Rich Text Variables in Assessments and Vulnerabilities
+Once the field is added it will show up on the next assessment thats created. Double click *Assessment Scope* in the templates options on the far right. This will add our boiler plate text (optional step above) to the report. 
+![](/files/Pasted%20image%2020250708003445.png)
+
+!!! note
+	If you have an existing assessment assigned to an assessor before the field is created then the new field will not be visible until you resave the assessment. 
+	If the user has permissions then they will see a *Edit* button in the title of the assessment. This will open the assessment in **Scheduling** and allow you to resave it. 
+	Otherwise you will need someone with **Scheduling** permissions find it and resave it. 
+	*You don't need to make any changes to the assessment. Just save it. *
+
+
+Now you can generate the report (Assessment->Finalize->Generate Report). This will build the report with our new custom variables populated. 
+
+![](/files/Pasted%20image%2020250708004052.png)
+
+
+### Advanced Formatting
+You can further enhance the appearance of your report by editing the CSS in the **Report Designer**. This allows you to apply custom styles specifically to this custom variable without affecting the global report template.
+
+!!! note
+	The name of the custom variable is used as a CSS class. All content entered in the Rich Text Editor is automatically wrapped in a `<div>` with that class name, for example: `<div class="VariableName">Rich Text Content Here</div>`.
+
+
+Continuing with our example of adding a Scope section, follow these steps to add custom style to the Scope Table so that the header matches our theme:
+
+1. Navigate to Templates->Report Designer
+2. Click **Edit CSS**
+3. Append the following CSS to the form. **Note AssessmentScope as the class name**
+   ```
+   .AssessmentScope th {
+	   height: 40px;
+	   text-align: center;
+	   color: white;
+	   background-color: #04A4EB;
+   }
+   ```
+
+	![](/files/Pasted%20image%2020250708005218.png)
+4. Save it
+5. Regenerate your report
+   
+   ![](/files/Pasted%20image%2020250708005351.png)
+
+
+
+   
+