Identity governance security model
SSO, SCIM, session policy, and role mapping are governed with explicit approvals and immutable evidence.
Security controls
SSO provider registry
Every provider is registered with issuer metadata, client ID, and enablement status.
SCIM directory
Users and groups are versioned, reconciled, and logged to identity ledgers.
Session policy
MFA requirements, TTLs, and reauth intervals are enforced for all sessions.
Change approvals
Identity changes enter a queue, require approvals, and generate receipts.
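An added example, not the product's own code: a minimal model of the change-approval flow above, in which a queued identity change yields a receipt only once it has been approved. The two-approver quorum, the rule that a requester cannot approve their own change, the hash-chained receipt layout, and all names (`ChangeQueue`, `verify_receipts`) are assumptions made for illustration.

```python
import hashlib
import json

REQUIRED_APPROVALS = 2  # assumption: the page does not state a quorum


def _digest(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class ChangeQueue:
    """Hypothetical in-memory model: queue -> approvals -> receipt."""

    def __init__(self):
        self.pending = {}   # change_id -> {"change": ..., "approvers": set()}
        self.receipts = []  # append-only; each receipt links to the previous

    def submit(self, change_id, requester, action):
        self.pending[change_id] = {
            "change": {"id": change_id, "requester": requester, "action": action},
            "approvers": set(),
        }

    def approve(self, change_id, approver):
        entry = self.pending[change_id]
        if approver == entry["change"]["requester"]:
            raise PermissionError("requester cannot approve their own change")
        entry["approvers"].add(approver)  # a set ignores duplicate approvals
        if len(entry["approvers"]) < REQUIRED_APPROVALS:
            return None  # still waiting in the queue
        del self.pending[change_id]
        body = {
            "change": entry["change"],
            "approvers": sorted(entry["approvers"]),
            "prev": self.receipts[-1]["hash"] if self.receipts else "0" * 64,
        }
        receipt = {**body, "hash": _digest(body)}
        self.receipts.append(receipt)
        return receipt


def verify_receipts(receipts) -> bool:
    """Recompute every hash and check each receipt links to the one before."""
    prev = "0" * 64
    for r in receipts:
        body = {k: v for k, v in r.items() if k != "hash"}
        if r["prev"] != prev or _digest(body) != r["hash"]:
            return False
        prev = r["hash"]
    return True
```

Because each receipt's hash covers the previous receipt's hash, editing or dropping an earlier receipt in an export makes `verify_receipts` fail for the whole chain.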
How to use
1. Review control
Understand the control definition.
2. Verify implementation
Confirm evidence output exists.
3. Export proof
Generate evidence for auditors.
4. Monitor drift
Track changes to control posture.
Console pages
Identity evidence exports
Identity ledger exports with hashes and receipts
Change queue, timeline, and receipt packets
Regulator‑ready identity packet (signed, hashed)
Key API endpoints
GET /identity/ledger — identity ledger
POST /identity/changes — submit changes
Evidence outputs
Identity change receipts
Session evidence