Post-Install Configuration
After the database schema has been applied and all services are running, a small number of initial records must be created directly in the database. These records establish the first administrator account with the roles needed to log into the web console.
Creating Organization Record
An organization is the top-level entity in Mobile In-App Protection. Every user account and every monitored mobile application must be associated with an organization. Multiple organizations can coexist in the same database, which makes it possible to serve several independent teams from a single deployment. Organizations are isolated from one another: they cannot access each other’s data without an explicit invitation or the super-admin role.
The organization record must be created before any user accounts. Use the following command to create an organization called ACME Corporation. The name column is a human-readable label displayed in the web console.
INSERT INTO mlw_organization(name)
VALUES ('ACME Corporation');
Creating Admin User
Authentication is required to access the web console or REST API directly. Because there is no unauthenticated registration endpoint, the first administrator account must be inserted directly into the database. Once this account is created, additional users can be invited through the web console.
Roles Overview
Each user is assigned one or more roles stored in the mlw_authority table. The following roles are available:
| Role name | Description |
|---|---|
| ROLE_CONSOLE_API | Grants basic read access to the web console, required for all users who need console access |
| ROLE_CONSOLE_API_DEVELOPER | Has access to application credentials to configure the SDK |
| ROLE_DEVICE_API | Used by a mobile application to authenticate when reporting security telemetry |
| ROLE_CONSOLE_API_ORGANIZATION_ADMIN | Administrator scoped to a single organization |
| ROLE_CONSOLE_API_ADMIN | Global super-administrator with full access across all organizations |
Generating a Password
Generate a random password using openssl:
openssl rand -base64 12
Example output:
0k4Vyn4A87VtOkEG
Passwords for web console access are stored as bcrypt hashes. Use htpasswd to produce the hash:
htpasswd -bnBC 12 "" 0k4Vyn4A87VtOkEG | tr -d ':'
Example output:
$2a$12$uZbWUhbRxqHwz5IYqg21LO.LHNhuKFM2SoA56ozAezyGMQdFpDJwe
Store the plaintext password in a secure location, as it is needed for login later.
You can now put this all together and store the user in the database. Note that the password hash must be prefixed with {bcrypt} before insertion. The username should be a valid email address to allow emailing functionality later.
INSERT INTO mlw_user(name, username, organization_id, password, enabled)
VALUES ('System Admin',
'[email protected]',
(SELECT id FROM mlw_organization WHERE name = 'ACME Corporation'),
'{bcrypt}$2a$12$uZbWUhbRxqHwz5IYqg21LO.LHNhuKFM2SoA56ozAezyGMQdFpDJwe',
true);
INSERT INTO mlw_authority(user_id, authority)
VALUES ((SELECT id FROM mlw_user WHERE username = '[email protected]'),
'ROLE_CONSOLE_API'),
((SELECT id FROM mlw_user WHERE username = '[email protected]'),
'ROLE_CONSOLE_API_ADMIN');
You can now log in to the web console using the email address and the password.
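A pre-insert check for the stored password value described above, as an added example that is not part of the product's documentation or code: it confirms the {bcrypt} prefix, the bcrypt hash structure and the cost factor before the value is written to mlw_user.password. The function name check_stored_hash, the accepted variants ($2a$, $2b$, $2y$) and the default minimum cost of 12 are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): validate a value before it is written to
# mlw_user.password. Usage: check_stored_hash VALUE [MIN_COST]
check_stored_hash() {
    value=$1
    min_cost=${2:-12}      # assumption: 12, the cost passed to htpasswd -C
    prefix='{bcrypt}'

    # The {bcrypt} prefix must be present at the start of the value.
    case $value in
        "$prefix"*) hash=${value#"$prefix"} ;;
        *) echo "missing $prefix prefix"; return 1 ;;
    esac

    # Modular crypt format: $2a$/$2b$/$2y$, two-digit cost, then a 22-char
    # salt and 31-char digest (53 characters of the bcrypt base64 alphabet).
    # A leftover ':' from htpasswd or a truncated paste fails here.
    if ! printf '%s\n' "$hash" |
        grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        echo "not a well-formed bcrypt hash"
        return 1
    fi

    # The cost is the third '$'-separated field; strip a leading zero so
    # the numeric comparison is portable across shells.
    cost=$(printf '%s\n' "$hash" | cut -d'$' -f3)
    cost=${cost#0}
    if [ "$cost" -lt "$min_cost" ]; then
        echo "cost $cost is below the expected minimum $min_cost"
        return 1
    fi
    echo "ok (cost $cost)"
}

# The hash from the example output above, with the prefix added.
check_stored_hash '{bcrypt}$2a$12$uZbWUhbRxqHwz5IYqg21LO.LHNhuKFM2SoA56ozAezyGMQdFpDJwe'
```

A hash whose cost field was edited after generation still passes this format check when the new cost is high enough, but it no longer verifies the password, so always paste the htpasswd output unchanged.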