Help Center

Step-by-step guides for getting the most out of BESTcyberIQ.


Getting Started

  • After signing up, complete these steps to get your account ready: (1) Go to your Profile page and fill in your company name, industry, and employee count — this personalizes your benchmark comparisons. (2) Upload your company logo if you are on a paid plan — it appears on your PDF reports. (3) Set an assessment reminder so your team stays on a regular cadence. (4) If you are on a Team or Enterprise plan, invite your colleagues from the Team page.

  • The checklist appears on your dashboard after your first login. It tracks five setup steps. Once all five are marked complete, the checklist is permanently dismissed and your dashboard returns to its default view.

  • On the sign-in page, select "Continue with Microsoft." You will be redirected to Microsoft to authenticate, then returned to your BESTcyberIQ dashboard. No separate password is needed. Microsoft login is available on all plans.

Running Your Assessment

  • The assessment contains 98 questions across six NIST CSF 2.0 domains. Most users complete it in 20–30 minutes. Each section displays an estimated time remaining so you can pace yourself.

  • Yes. Your answers are saved automatically as you progress. You can close your browser, switch devices, or come back the next day — your draft will be waiting. From the dashboard, a resume card appears showing how far you got. You can also choose to start fresh, which clears your saved draft.

  • Yes. If you have completed at least one prior assessment, you will be offered the option to pre-fill your answers from your most recent submission before starting. Pre-filled answers are highlighted so you can easily review and update anything that has changed. This is useful for tracking progress over time without starting from scratch.

  • The assessment covers Govern, Identify, Protect, Detect, Respond, and Recover — the six functions of the NIST Cybersecurity Framework 2.0. Each domain addresses a different aspect of your organization's cybersecurity posture. Your results are scored per domain so you can see exactly where you are strong and where gaps exist.

Reading Your Results

  • Your overall score reflects your organization's cybersecurity maturity across all six NIST CSF 2.0 domains. Scores range from 0.0 to 5.0. A higher score indicates a more mature and consistently implemented security program. The radar chart on your dashboard breaks the score down by domain so you can see which areas are performing well and which need attention.

  • BESTcyberIQ displays an industry benchmark alongside your score based on your selected industry. This gives you context for where your organization stands relative to peers. Benchmarks are displayed on the dashboard and assessment detail pages.

  • After completing your assessment, BESTcyberIQ surfaces prioritized recommendations based on the gaps identified in your responses. Recommendations are grouped by NIST CSF 2.0 domain and are available in full to paid subscribers. Free users see a limited preview. Recommendations are intended to give you a clear action plan — not just a score.

  • From any completed assessment detail page, click "Download PDF Report." The report is generated instantly and includes your scores by domain, a radar chart, and your top recommendations. Paid plan subscribers have their company logo included on the cover page. The PDF is suitable for sharing with your board, auditors, or cyber insurance broker.

  • From the dashboard or assessment detail page, click "Share Results" to generate a secure read-only link. Anyone with the link can view your results without signing in. You control access — links can be revoked individually or all at once from the Team page. Sharing is available to all paid tiers.

Managing Your Team

  • From the Team page, scroll to the Invite section. Enter your colleague's email address and select their role, then send the invite. They will receive an email with a link to join. Pending invites are listed on the Team page until accepted. Team plans support up to 25 members; Enterprise plans are unlimited.

  • BESTcyberIQ has four roles: Owner (full access, billing control, can transfer ownership), Admin (manage members and settings, cannot change billing), Contributor (can run assessments), and Viewer (read-only access to results). Roles are assigned when sending an invite and can be changed afterward.

  • From the Team page, scroll to the Ownership Transfer section. Select the member you want to transfer ownership to and confirm. Ownership transfer is immediate. The previous owner remains in the organization as an Admin unless removed.

  • From the Team page, Team and Enterprise owners and admins can enable the "Require MFA" toggle under the Security section. Once enabled, any team member who has not enrolled in MFA will be prompted to set it up before they can access the platform. This applies to email/password users only — members using Microsoft or SSO login are managed by their identity provider.

Enterprise SSO Setup

  • SAML SSO (Security Assertion Markup Language Single Sign-On) allows your organization to authenticate BESTcyberIQ users through your existing identity provider instead of separate passwords. BESTcyberIQ supports Microsoft Entra ID (formerly Azure AD) and Okta on the Enterprise plan. Once configured, users on your domain are automatically directed to your identity provider at login — BESTcyberIQ never manages their passwords or MFA.

  • Before you begin, ensure you are on the Enterprise plan and have Global Administrator or Application Administrator rights in your Azure tenant.
    Step 1 — Register BESTcyberIQ in Entra ID: In the Azure portal, go to Microsoft Entra ID → Enterprise Applications → New application → Create your own application. Name it BESTcyberIQ and select "Integrate any other application you don't find in the gallery."
    Step 2 — Configure SAML: On the app page, go to Single sign-on → SAML. Set the Identifier (Entity ID) to: https://[your-supabase-project].supabase.co/auth/v1/sso/saml/metadata and the Reply URL (ACS URL) to: https://[your-supabase-project].supabase.co/auth/v1/sso/saml/acs. Add attribute mappings for email, given_name, and family_name.
    Step 3 — Assign users: Under Users and Groups, assign the users or groups who should have access to BESTcyberIQ.
    Step 4 — Activate SSO in BESTcyberIQ: From your Profile page, go to the SSO section and enter your Entra ID Federation Metadata URL (found on the SAML setup page in Azure). Submit the request. An admin will activate it for your domain. Once active, users on your domain will see an SSO login option automatically.
    Contact william@bestcyberiq.com if you need your ACS URL and Entity ID or assistance completing setup.

  • Before you begin, ensure you are on the Enterprise plan and have Okta administrator rights.
    Step 1 — Create a SAML app in Okta: In your Okta admin console, go to Applications → Applications → Create App Integration → SAML 2.0. Name it BESTcyberIQ.
    Step 2 — Configure SAML settings: Set the Single sign-on URL (ACS URL) and Audience URI (SP Entity ID) to the values provided by BESTcyberIQ (contact william@bestcyberiq.com to receive these). Set Name ID format to EmailAddress and Application username to Email.
    Step 3 — Add attribute statements: In the SAML settings under Attribute Statements (legacy configuration), add three mappings: email → user.email, given_name → user.firstName, family_name → user.lastName.
    Step 4 — Assign users: Go to the Assignments tab and assign the users or groups who should access BESTcyberIQ.
    Step 5 — Get your metadata URL: On the Sign On tab, right-click "Identity Provider metadata" and copy the link. It will look like: https://your-org.okta.com/app/[app-id]/sso/saml/metadata.
    Step 6 — Activate SSO in BESTcyberIQ: From your Profile page, go to the SSO section and enter your Okta metadata URL. Submit the request. Once activated, users on your domain will be directed to Okta at login.
    Contact william@bestcyberiq.com if you need your ACS URL and Entity ID or assistance completing setup.

  • If members of your organization already have BESTcyberIQ accounts using email and password, their accounts are automatically linked to SSO when it is activated for your domain. Their assessment history, scores, and recommendations are preserved. On their next login they will be directed to your identity provider — no data is lost and no action is required from them.

  • Yes. BESTcyberIQ administrators are always authenticated via email and password regardless of whether SSO is active on their domain. This ensures admin access is never dependent on the availability of a third-party identity provider.

  • First confirm the user is assigned to the BESTcyberIQ application in your identity provider (Entra ID or Okta). Unassigned users will be blocked at the IdP before reaching BESTcyberIQ. If the user is assigned but still cannot log in, contact william@bestcyberiq.com with the user's email address and we can check their identity provider linkage on our end.

Analytics & Activity Logs

  • Pro, Team, and Enterprise plan Owners and Admins only. Contributors, Viewers, and Free/Trial users do not have access.

  • Member Activity shows each team member's email, role, last login date, number of assessments completed, and their most recent score. This gives owners and admins visibility into how actively the team is using the platform.

  • The Activity Log records security-relevant events including logins, assessments completed, shared links created and revoked, MFA enrollment and unenrollment, team member invites and joins, and ownership transfers. Log retention depends on your plan tier.

  • Log retention is tier-based. Longer retention is available on higher-tier plans. If your compliance requirements need extended log history, contact us at william@bestcyberiq.com to discuss options.

Account & Billing

  • BESTcyberIQ offers four plans: Free (one assessment, limited recommendations), Pro ($199.99/mo — unlimited assessments, full recommendations, PDF report with company logo, shareable results link), Team ($499/mo — everything in Pro plus up to 25 members, RBAC roles, team invites, activity logs), and Enterprise ($1,499/mo — everything in Team plus unlimited members, SAML SSO via Microsoft Entra ID, white-label PDF, extended log retention). Annual plans are available at a 17% discount.

  • Go to the Team page and click on your current plan under the License section. You will be taken to the billing page where you can select a new tier and complete payment via Stripe. Upgrades take effect immediately.

  • From the Team page, click your current plan. On the billing page, select the annual billing option for your tier. Annual plans are billed once per year at a 17% discount compared to monthly.

  • Yes. SAML SSO (via Microsoft Entra ID) is available on the Enterprise plan. You can configure SSO self-service from your Profile page once on an Enterprise plan. Members who sign in via SSO are authenticated by your identity provider — BESTcyberIQ does not manage their passwords or MFA.

  • You can cancel from the Team page under the License section. Your access continues until the end of your current billing period. No refunds are issued for unused time on monthly or annual plans.
