Skip to main content

Accessing the CxSAST Web Interface

Once CxSAST has been installed, you have to create an Administrator user account before logging in for the first time. The Admin user, who will be a member of the CxServer Team (the top level in the hierarchy) has full permissions to manage all applicable users, roles, teams, server settings, and projects.

Registering a new User

  • For local access (server host) - Use the Checkmarx Portal shortcut on the desktop or navigate to the Checkmarx folder (Start > All Programs > Checkmarx > Checkmarx Portal).

  • For access from any other computer enter http://<server>/cxwebclient/login.aspx where <server> reflects the IP address or resolvable hostname of the CxSAST server.


If '3rd party cookies' are disabled in your browser, you will not be able to log into the CxSAST Web Interface via 'http://localhost'. In this case, you have to use 'http://<FQDN>', where <FQDN> stands for Fully Qualified Domain Name and consists of both the hostname and the domain name (for example

  1. Enter the required Administrator user account information.

  2. Define the required password according to the following requirements:

    • 9 to 400 characters

    • At least 1 uppercase letter

    • At least 1 lower case letter

    • At least 1 special character

    • At least 1 digit

  3. Click <Register>. You are directed to the Checkmarx Login page.

Logging In

To log in, do the following:

  1. Access the Checkmarx portal as explained above.

  2. Enter the user name and password that you defined when registering as a new user.



  • The 'Login' and 'Change Password' pages appear always in English regardless of the selected local language.

  • Starting with Access Control 2.1, the logo and the login banner can be replaced with images of your own as explained.

  • You can subsequently change the Administrator password and add CxSAST users.

Session Timeout

A session timeout warning message appears when two thirds of the default idle time (default = 24 hours) have passed. If the token is valid, clicking <OK> allows you to continue the current session. If the token has already expired, clicking <OK> redirects you to the login page and a new login is required