Security for Enterprise Requirements
Built for regulated industries from day one. Single Sign-On (SSO), Passkeys, Audit Trails, Web Source Governance, Self-Hosting, and 6-tier role hierarchy — all included.
SAML 2.0 / OIDC SSO
Enterprise Single Sign-On via BoxyHQ Jackson. Compatible with all major identity providers.
Supported Providers
- Automatic provisioning
- Group Mapping
- Session Management
- MFA Enforcement
Role-Based Access Control
6-tier role hierarchy at every level. From organization to individual project.
- Organization → Project → Resource
- 6 roles incl. PROJECT_VIEWER
- API Token Scopes
- Granular permissions
Audit Trails
Complete logging of all actions. Who did what, when — for compliance and forensics.
- Immutable logs
- JSON Export
- SIEM integration
- Configurable retention
Self-Hosting
Full control over your data. Deployment on your own infrastructure with dedicated support.
- Docker / Kubernetes
- Air-gapped (Ollama)
- EU Datacenter
- Custom Domain
- Private VPC
Passkeys & 2FA
Modern authentication: WebAuthn Passkeys, TOTP 2FA, and OAuth. Passwordless possible.
- WebAuthn / FIDO2
- TOTP Authenticator
- TLS 1.3 in transit
- AES-256 at rest
Web Source Governance
Control which web sources the AI may use. Whitelist, blacklist, or fully disabled.
- URL Whitelist / Blacklist
- Domain-level control
- Fully disableable
- Configurable per project
Authentication Methods
Flexible login options for every scenario — from social login to enterprise SSO.
6-Tier Role Hierarchy
Clear separation of responsibilities at platform, organization, and project level.
NOPEX_ADMINPlatformFull platform control. Nopex staff only.
ORG_ADMINOrganizationManages an organization and all its projects.
MEMBEROrganizationStandard member of an organization.
PROJECT_ADMINProjectManages a single project.
PROJECT_MEMBERProjectWorks on a project.
PROJECT_VIEWERProjectRead-only access to a project. Ideal for stakeholders and external reviewers.