> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/administration/user-settings.md).

# User Settings

User Settings is where you configure your personal credentials and defaults for how StepSecurity behaves when acting on your behalf. Settings here are scoped to you as an individual user, not to your organization or tenant.

### Opening User Settings

Click your avatar in the top right of the StepSecurity app and select User Settings.

<figure><img src="/files/5ltFvJV01kDTMC5266rK" alt=""><figcaption></figcaption></figure>

### Available sections

User Settings has four sub-pages:

* Personal Access Token: Store the GitHub Personal Access Token (PAT) that StepSecurity uses to orchestrate workflows on repositories you own
* Workflow Templates: Point StepSecurity at a GitHub repository that contains your own custom workflow templates, so they appear alongside the built-in ones during orchestration
* Orchestrate Options: Toggle the security controls that StepSecurity applies when it orchestrates a repository, such as restricting `GITHUB_TOKEN` permissions, adding `step-security/harden-runner`, and pinning Actions to full-length commit SHAs
* Pull Request: Customize the title, commit message, and description that StepSecurity uses on the pull requests it opens


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/administration/user-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.