Feature

Security

2FA, passkeys, SCIM, audit log, JWT key rotation, secrets via SecretBox.

TOTP per RFC 6238 with backup codes. WebAuthn passkeys. SCIM 2.0 for auto-provisioning from external IdPs with group → role mapping. JWT signing keys rotate via the kid header. An append-only audit log with CSV export. Secrets are encrypted with AES-256-GCM SecretBox.

Key properties

✓TOTP 2FA + WebAuthn passkeys + OAuth
✓SCIM 2.0: Users + Groups + role mapping
✓JWT key rotation with a KeyRevocator
✓Append-only audit log + CSV export
✓AES-256-GCM SecretBox for at-rest secrets

Related features

Agents & mTLS

Push-only architecture, client certificates with a 24-hour TTL, auto-rotation.

Enterprise

SCIM, SSO, multi-region, audit, role mapping. Options for regulated industries.

Try it free Documentation