Quick Start Guide

Launch your first NidFul program or claim your researcher profile in under 30 minutes.

6 min readUpdated Oct 12, 2025Getting StartedNew

Quick Start Guide

This guided setup walks you through the essentials of launching a NidFul presence—either as a security researcher or as an organization preparing its first disclosure program. You can complete the workflow in thirty minutes by following the same acceleration lessons refined across NidFul launches.

1. Claim or Create Your Account

Visit nidful.com and select Join NidFul.
Choose your role:
- Researcher accounts require a valid email, strong password, and two-factor authentication (2FA) from the outset.
- Organization accounts request company verification data (legal name, domain ownership proof, and primary security contact).
Verify your email address and configure 2FA using either TOTP or a FIDO2 key.

Prefer hardware-backed MFA

Attackers often target researcher profiles and program admin accounts. Hardware keys provide phishing-resistant protection and are supported across the platform.

2. Complete Your Profile

Researchers should add a short bio, primary focus areas, and proof of past work (writeups, CVEs, or GitHub links). NidFul uses this data to recommend programs and unlock private invites.
Organizations should list key domains, brands, or mobile apps. This gives researchers clarity on who they are collaborating with and aligns with NDPR/POPIA disclosure requirements.

3. Configure Notifications

Head to Settings → Notifications to decide how you want to receive updates. We recommend:

Real-time push or email alerts for new submissions and status changes.
Daily digests for analytics and leaderboard updates.
Webhook endpoints (organizations only) for synchronizing with ticketing tools like Jira or Linear.

4. Launch Your First Action

Researchers: Join a recommended public program and bookmark the policy page for later reference. Review the scope, payout grid, and safe-harbor text before testing.
Organizations: Publish a draft VDP with baseline scope. You can lock it to invite-only researchers until your team is confident in the workflow.

5. Verify the Workflow

Submit a sample report (you can flag it as training), ensuring triage notifications reach the right inboxes.
Move the report through Triage → Assigned → Fixed → Verified to confirm the lifecycle.
Export analytics to validate that your leadership dashboard reflects the activity.

What’s Next?

Bookmark the Platform Overview to learn about permissions, automation, and analytics.
Researchers can explore the Submitting High-Impact Reports guide.
Organizations should review Designing Effective Programs for incentive strategy and SLAs.

Completing these steps aligns you with the baseline best practices used by leading African programs that were modelled after NidFul's proven playbook. You now have a secure entry point into the NidFul ecosystem.