Enterprise Security & SSO
SAML 2.0 (BoxyHQ), SCIM 2.0, and SHA-256 chained audit logs for compliance-first teams.
Zero-Trust Foundation
Enterprise SSO (SAML 2.0)
Connect Okta, Azure AD, or Google Workspace via native SAML 2.0 with JIT provisioning (BoxyHQ).
Automated Users (SCIM 2.0)
Native SCIM 2.0 endpoints (RFC 7644) for automated provisioning and deprovisioning of users.
Website Access Tokens
Granular keys with custom expiration policies (30d to 1y) and scoped permissions for third-party apps.
Tamper-Evident Audit Logs
Every mutation is signed and chained via SHA-256 for an immutable, verifiable audit trail.
Cryptographic Audit Logs
Every mutation is logged with a SHA-256 hash, creating an immutable trail for enterprise compliance and security auditing.
Multi-Tenancy 2.0
Native `tenantId` isolation ensures no data leakage between siloed clients or projects.
Compliance & Standards
SOC2/GDPR Readiness
Built-in logs and security protocols mapped to international compliance requirements.
Advanced Cryptography
Argon2 user hashing, SHA-256 audit chaining, and AES-256-GCM data encryption.
JWT Rotation Cycle
High-frequency access token rotation with immediate blacklisting on compromise.
Role-Based Gating (RBAC)
Granular permissions with isomorphic guards that run on both client and server.