Platform · Admin
Role-based access without the spreadsheet.
Custom roles, multi-site scoping, MFA, SSO, just-in-time elevation — managed from one console, audited automatically.
Capabilities
Six controls. One access plane.
Custom roles
Compose roles from 200+ atomic permissions. Inherit, override, scope by site.
Multi-site scoping
A regional manager sees their 8 sites, not all 80. Enforced at the database layer.
SSO + MFA
SAML 2.0, OIDC, Google, Microsoft. TOTP MFA required for admin roles, optional for others.
Just-in-time access
Temporary elevation requires approval + expires automatically. Every grant audit-logged.
Access review report
Quarterly report of who has access to what — formatted for your auditor.
User lifecycle
Onboard via SCIM, off-board via SSO de-provisioning, with a 30-day soft-delete window.
Architecture
Identity in, RBAC out.
Identity provider
Your IdP (Google, Microsoft, Okta, etc) via SAML/OIDC. Group claims map to roles.
- SAML/OIDC
- SCIM
- Group claims
Role model
Composable roles built from atomic permissions. Inheritance + site scoping.
- Atomic perms
- Roles
- Site scope
Enforcement
Checked at the resolver + database layers. No path bypasses RBAC.
- Resolver checks
- Row-level security
- Audit log
Review
Quarterly access review report + alerts on dormant + over-privileged accounts.
- Quarterly report
- Dormant alerts
- Over-priv alerts
Roles + permissions are exportable as JSON for compliance review.
Why ops + IT leaders pick it
Access management your auditor will accept.
No spreadsheet RBAC
Roles live in the product, not in a shared sheet. Changes are versioned and audit-logged.
Zero RBAC spreadsheets
Audit-ready
Quarterly access review report formatted to drop into your SOC 2 / ISO evidence pack.
Auditor-ready in <1 day
De-provisioning that actually works
When the SSO group changes, access changes within seconds. No more ex-employees with active sessions.
<60s de-provisioning
Common questions
SSO, SCIM, and support access.
See the access review report
We'll walk through your role model live.
Bring an org chart or a sample role grid. We'll model it in the demo tenant in 20 minutes.
