Skip to main content

General Settings in Harness 3.0

Last updated on

The Settings page provides centralized configuration for your Harness account. It is organized using a tabbed navigation structure that groups related settings into logical categories.

Settings Tabs

The Settings page uses a horizontal tab bar with the following categories: All, General, Account-level Resources, GitOps, Access Control, Security and Governance, Subscriptions, and External Tickets. Selecting a tab filters the visible settings cards to that category.

To access the Settings page, click More... on the Harness navigation menu and select General Settings.

General Settings

General settings control account-wide configuration that applies across all organizations and projects. These settings are typically configured once during initial setup and updated infrequently.

SettingDescription
Account DetailsView and edit account name, account ID, default locale, and timezone settings. Includes the account-level avatar and display configuration.
Default SettingsConfigure default values that apply to new organizations and projects, including default connectors, secret managers, and pipeline settings.
Cloud Cost IntegrationSet up cloud provider billing integrations for cost management. Connect AWS, GCP, and Azure billing accounts to enable Cloud Cost Management features.
SMTPConfigure SMTP server settings for outbound email notifications, pipeline alerts, and approval request emails.
NotificationsManage notification channels and routing rules. Configure Slack, PagerDuty, email, and webhook notification endpoints.
Chaos Image RegistrySpecify a custom container image registry for Chaos Engineering experiment images. Required when running in air-gapped environments.
BannersCreate and manage announcement banners that are displayed to all users in the account. Useful for maintenance windows and important notices.

Account-level Resources

Account-level resources are shared across all organizations and projects within the account. Creating resources at the account level reduces duplication and simplifies management for platform administrators.

ResourcePurposeUse Case
ServicesDefine application services that can be deployed across projects.Shared microservices referenced by multiple teams.
EnvironmentsDefine deployment target environments at the account level.Shared dev, staging, and production environments.
ConnectorsIntegration endpoints for cloud providers, SCMs, and registries.Shared AWS, GCP, GitHub, and Docker Hub connectors.
DelegatesWorker agents that execute pipeline tasks in your infrastructure.Shared delegate pools for multiple projects.
SecretsSecure storage for credentials, tokens, and certificates.Shared API keys and service account credentials.
File StoreManaged file storage for configuration files and scripts.Shared deployment scripts and configuration templates.
TemplatesReusable pipeline, stage, and step definitions.Organization-wide pipeline standards and best practices.
VariablesNamed values accessible via expressions in pipelines.Shared configuration values like region names or cluster URLs.
Chaos HubsRepositories of chaos experiment definitions.Shared chaos experiment libraries for reliability testing.
OverridesService and environment override definitions.Account-wide variable overrides for different environments.
CertificatesTLS certificate management for delegate and connector communication.Custom CA certificates for internal PKI infrastructure.
WebhooksWebhook endpoint configuration for external integrations.Event-driven integrations with external ticketing and notification systems.
IaCM Module RegistryPrivate module registry for Infrastructure as Code modules.Shared Terraform/OpenTofu modules for standardized infrastructure provisioning.
ProvidersInfrastructure provider configuration for IaCM workspaces.Shared cloud provider definitions for Terraform runs.
Resource Scope Best Practice

Create resources at the highest scope where they are shared. If a connector is used by all projects, create it at the account level. If it is specific to a single team, create it at the organization level. This reduces duplication and simplifies credential rotation.

Access Control

Access Control settings manage who can access resources and what actions they can perform. Harness uses a role-based access control (RBAC) model with users, roles, resource groups, and service accounts.

ComponentDescription
User ManagementInvite, manage, and remove users. Assign users to groups and roles. View active sessions and login history.
Role DefinitionsCreate and manage roles that define a set of permissions. Built-in roles include Account Admin, Organization Admin, Project Admin, Pipeline Executor, and Viewer.
Resource GroupsDefine groups of resources that a role applies to. Resource groups can include specific resources or all resources of a given type within a scope.
Permission AssignmentsBind users or user groups to roles within resource groups. This is the mechanism that grants access: User + Role + Resource Group = Permission.
Service AccountsNon-human identities for automated access. Service accounts are assigned roles and used for API integrations, CI/CD automation, and external tooling.
API KeysGenerate and manage API keys for service accounts and user accounts. API keys are used for authenticating API requests and webhook callbacks.

Security and Governance

Security and Governance settings provide controls for authentication, network security, audit compliance, and policy enforcement across the platform.

SettingDescription
Authentication SettingsConfigure authentication methods including username/password, two-factor authentication (2FA), and session timeout policies.
SSO ConfigurationSet up single sign-on with SAML 2.0 or OAuth 2.0 identity providers. Supports Okta, Azure AD, Google Workspace, and other SAML/OAuth providers.
IP AllowlistingRestrict platform access to specific IP addresses or CIDR ranges. Separate allowlists can be configured for UI access and API access.
Audit LogsView and export a comprehensive audit trail of all actions performed in the account. Audit logs capture user actions, API calls, and system events with timestamps and metadata.
Compliance PoliciesDefine and enforce compliance policies using OPA (Open Policy Agent). Policies can be applied to pipelines, deployments, and resource creation.
Governance RulesConfigure governance rules for cost management, resource usage, and deployment practices. Rules can generate warnings or block non-compliant actions.
Security Best Practice

Enable SSO and two-factor authentication for all production accounts. Configure IP allowlisting to restrict access to known corporate networks. Review audit logs regularly to detect unauthorized access or configuration changes.