Register Owner: CISO
Effective Date: June 13, 2026
Reviewed: Annually
Frameworks: SOC 2 CC6.1–CC6.3; ISO 27001 A.5.15–A.5.18, A.8.2, A.8.5. Visualizes the Access Control Policy and Access Matrix.

Authentication & authorization paths

Controls

  • Customers authenticate via WorkOS (SSO/OIDC + MFA) to the product.
  • Workforce authenticate via Rippling (IdP/SSO + MFA) with role-based bundles; joiner/mover/leaver per Access Management and Offboarding.
  • Admin panel and engineer access are gated by Cloudflare Access (Zero Trust); production-infrastructure access additionally requires Tailscale (device-bound) and uses Vault for workload secrets / break-glass.
  • Least privilege + reviews: privileged access requires named approval; quarterly access reviews cover user, privileged, and service accounts (see Access Reviews). Entitlement baseline is the Access Matrix.

Cross-references

Version history

VersionDateDescriptionAuthorApproved by
1.0June 13, 2026Initial identity & access diagram.Cameron WolfeIshan Jadhwani