Access Control & Identity
Fine-grained access control with enterprise identity integration. RBAC with custom roles and 100+ granular permissions. OIDC, SAML 2.0, LDAP/AD with break-glass local fallback.
Authentication Methods
- Local: Username/password with session management
- OIDC/OAuth 2.0: Generic OpenID Connect, Azure AD, Google Workspace, Okta
- SAML 2.0: Entity ID, IdP metadata, attribute mapping, signed assertions, JIT provisioning
- LDAP/AD: Bind DN, custom filters, TLS, break-glass local fallback
- MFA/TOTP: QR code setup, backup codes (8-10 single-use), 6-digit verification, enforced enrollment
RBAC
Custom Roles
Create with name, description, color, icon. Pre-defined: Admin, Operator, User, Viewer.
100+ Permissions
Fine-grained across settings, RBAC, compliance, alerts, backup, AI, dashboard, fleet, kubernetes, containers.
Dangerous Operation Flags
Extra confirmation for destructive actions. Prevents accidental production changes.
User Invitations
Email-based system with token acceptance, resend, and revoke.
Permission Categories
- fs.read, fs.write, fs.delete — filesystem access
- exec.run — command execution
- service.control — start/stop services
- package.install — package management
- snapshot.create, snapshot.restore — snapshots
- kubernetes.*, fleet.*, compliance.* — feature-level
Session & Security Policies
- Session timeout configuration
- Active session listing and revocation
- Password length, complexity, expiration, history
- Max login attempts with lockout
- Branding: instance name, logo, favicon customization
Integrations & Settings
TLS/HTTPS
Self-signed generation, Let's Encrypt auto-renewal, or certificate upload (PEM).
SMTP
Server, port, TLS, authentication, from address. Test connection before saving.
License Management
Key validation, tier features, expiration tracking.