
This skill helps secure Vercel projects with RBAC, SSO, deployment protection, firewall, and audit logs to manage access and enforce MFA.

npx playbooks add skill bobmatnyc/claude-mpm-skills --skill vercel-security-access

SKILL.md
---
name: vercel-security-access
description: Vercel security and access controls including RBAC, SSO, deployment protection, firewall, bot defense, audit logs, and 2FA. Use when securing Vercel projects or managing access.
progressive_disclosure:
  entry_point:
    summary: "Vercel security and access controls including RBAC, SSO, deployment protection, firewall, bot defense, audit logs, and 2FA. Use when securing Vercel projects or managing access."
    when_to_use: "When working with vercel-security-access or related functionality."
    quick_start: "1. Review the core concepts below. 2. Apply patterns to your use case. 3. Follow best practices for implementation."
---
# Vercel Security and Access Skill

---
progressive_disclosure:
  entry_point:
    summary: "Vercel security and access: RBAC, SSO (SAML/OIDC), deployment protection, firewall, BotID, audit logs, and 2FA."
    when_to_use:
      - "When managing access control and roles"
      - "When securing deployments and endpoints"
      - "When auditing activity and enforcing MFA"
    quick_start:
      - "Enable RBAC and role assignments"
      - "Configure SSO and authentication policies"
      - "Apply deployment protection and firewall"
      - "Review audit and activity logs"
  token_estimate:
    entry: 90-110
    full: 4000-5200
---

## Overview

Vercel security features cover identity, access control, deployment protection, and threat mitigation.

## Access Control

- Use RBAC to define project permissions.
- Configure SAML or OIDC for SSO.
- Require 2FA for sensitive access.

## Deployment Protection

- Apply deployment protection for previews and production.
- Limit access to protected deployments.

## Firewall and Bot Defense

- Use Vercel Firewall to manage traffic rules.
- Use BotID to mitigate automated abuse.

## Audit and Activity Logs

- Review audit logs for compliance.
- Track activity history for user actions.

## Complementary Skills

When using this skill, consider these related skills (if deployed):

- **vercel-teams-billing**: Team settings and account policy.
- **vercel-observability**: Operational visibility for security events.

*Note: Complementary skills are optional. This skill is fully functional without them.*

## Resources

**Vercel Docs**:
- RBAC: https://vercel.com/docs/rbac
- SAML: https://vercel.com/docs/saml
- OIDC: https://vercel.com/docs/oidc
- Deployment protection: https://vercel.com/docs/deployment-protection
- Vercel Firewall: https://vercel.com/docs/vercel-firewall
- BotID: https://vercel.com/docs/botid
- Audit log: https://vercel.com/docs/audit-log
- Activity log: https://vercel.com/docs/activity-log
- Two-factor authentication: https://vercel.com/docs/two-factor-authentication
- Code owners: https://vercel.com/docs/code-owners

Overview

This skill helps secure Vercel projects by centralizing guidance and actions for RBAC, SSO (SAML/OIDC), deployment protection, firewall rules, BotID, audit logs, and two-factor authentication. It is designed to help teams enforce least-privilege access, protect deployments, and detect or block malicious traffic. Use it when you need a practical checklist and configuration steps to harden Vercel accounts and projects.

How this skill works

The skill inspects access controls and security settings and highlights recommended changes: role assignments, SSO configuration, 2FA enforcement, and deployment protection. It reviews firewall and BotID posture and surfaces audit and activity log checks to validate compliance and support incident investigation. The skill provides actionable next steps and links to official Vercel docs for each control.

When to use it

  • Onboard or audit team access to ensure RBAC follows least privilege
  • Enable SSO or update SAML/OIDC identity provider settings
  • Protect preview and production deployments before major releases
  • Configure firewall and BotID to reduce automated abuse and DDoS risk
  • Investigate suspicious activity using audit and activity logs
  • Enforce two-factor authentication across sensitive accounts

Best practices

  • Define roles and assign minimal permissions per project and environment
  • Use SAML or OIDC SSO for centralized identity and session controls
  • Require 2FA for organization owners and members with elevated access
  • Apply deployment protection rules for production and critical preview branches
  • Create firewall rules that block known bad actors and limit IP ranges when possible
  • Enable BotID and monitor bot scoring before applying hard blocks

Example use cases

  • Lock down a production project by adding deployment protection and restricting who can deploy
  • Migrate team sign-ins to SSO and enforce 2FA for all members
  • Set up firewall rules and BotID to stop automated scraping and credential-stuffing attempts
  • Run an access review using audit logs to identify stale service accounts and overprivileged roles
  • Protect preview deployments for a security-sensitive feature behind role checks and protected branches

FAQ

Do I need both SSO and 2FA?

SSO centralizes identity and can provide MFA enforcement; require 2FA (or enforce MFA via your identity provider) for accounts with elevated access.

When should I enable deployment protection?

Enable deployment protection for any production or security-sensitive preview environments, especially before major releases or when external contributors can deploy.