Enterprise
Enterprise-ready, security-review-ready
SSO, SCIM provisioning, a tamper-evident audit log, fine-grained access control, hardened defaults, and self-hosting you own โ everything your security team will ask about.
SSO (SAML / OIDC)
Log in with your IdP โ SAML 2.0, OIDC, Google. Session-fixation hardened. Fail-closed account binding.
SCIM provisioning
Automate user and group lifecycle from your IdP. Bearer-authed SCIM 2.0 with soft-delete and discovery.
Tamper-evident audit log
SHA-256 hash-chained audit trail. Query, verify, and export from the admin UI or REST API.
RBAC & access control
Database-backed policy grants, page-level ACLs, and managed groups โ enforced everywhere.
Security hardening
NIST 800-63B passwords, CSRF/CORS/CSP headers, and deserialization filtering on every stream.
Self-hosting & backup
Docker + PostgreSQL. Plain markdown you own. 3-2-1 backup with off-site pull and tested disaster recovery.