User Authentication
All users must authenticate before accessing any system. We support:
- Multi-Factor Authentication (MFA): Available for all user accounts
- Single Sign-On (SSO): SAML-based SSO integration compatible with various identity providers including Azure Active Directory
- Just-In-Time (JIT) Provisioning: Via SAML/SSO
Principle of Least Privilege
Access is granted on a need-to-access basis . System administrators use different user accounts when conducting non-administrative duties. All default accounts are disabled.
Account Management
- Account Creation: Customer administrators manage their own user accounts, with options for JIT provisioning via SSO
- Account Deactivation: Accounts are disabled immediately upon notification from the customer administrator or in accordance with the agreed-upon offboarding timeline (within 24 hours)
- Account Reviews: We conduct periodic reviews of employee and contractor accounts to confirm legitimacy, cross-referencing against current employment lists
- Inactive Accounts: Inactive accounts are identified and disabled or deleted according to our policies
Session Controls
User sessions automatically lock after a configurable period of inactivity.