Enterprise Security
Identity & Access: SSO Integration & Security
In an enterprise engineering environment, data security is inseparable from operational speed. Edelweis implements IAM centered around Single Sign-On (SSO) to ensure that access to sensitive IP is frictionless for authorized users and impenetrable to threats.
1. Unified Authentication Architecture
We utilize a centralized identity provider (IdP) model to move away from fragmented, local passwords:
SAML 2.0 / OIDC
Standardized integration with enterprise IdPs such as Okta, Microsoft Entra ID, or Google Workspace.
Zero-Trust Access
Continuous verification of identity, device health, and network context before granting access.
SCIM Provisioning
Automatic account creation and immediate revocation linked directly to your enterprise HR system.
2. Role-Based Access Control (RBAC)
| Role Level | Permissions | Security Constraints |
|---|---|---|
| Lead Engineer | Write/Edit in "In-Work" zones. | MFA required for all "Check-In" actions. |
| Reviewer | Approve/Reject transitions. | Exclusive permission to move to "Released". |
| Vendor/Partner | View-Only via Secure Portal. | Restricted to specific Handover folders. |
| System Admin | Infrastructure & Logs. | Full audit trail of all permission changes. |
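A minimal policy evaluator that encodes the role table above together with the "No Local Accounts" and "Least Privilege" directives, as an added example (not Edelweis code): default deny, SSO-brokered sessions only, and every decision written to an audit record. The role keys, action and zone names, and the /handover/ path prefix are constructed assumptions.

```python
from dataclasses import dataclass

# Actions per role, derived from the RBAC table (names are constructed).
ROLE_ACTIONS = {
    "lead_engineer": {"edit", "check_in"},          # Write/Edit in In-Work zones
    "reviewer": {"approve", "reject", "release"},   # "release" = move to Released
    "vendor": {"view"},                             # View-Only via Secure Portal
    "system_admin": {"read_logs", "change_permissions"},
}
MFA_REQUIRED = {"check_in"}      # table: MFA required for all Check-In actions
HANDOVER_PREFIX = "/handover/"   # constructed: vendor-visible folder tree

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    idp_issued: bool    # True only when the IdP (SSO broker) minted the session
    mfa_verified: bool  # True when the IdP asserted a fresh MFA factor

@dataclass(frozen=True)
class Request:
    action: str
    zone: str           # lifecycle zone, e.g. "in_work" or "released"
    path: str           # item path, e.g. "/handover/vendor-x/asm-01.step"

AUDIT_LOG: list[dict] = []   # permanent record of every authorization decision

def authorize(session: Session, req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Default deny; each decision is audited."""
    def decide(ok: bool, reason: str) -> tuple[bool, str]:
        AUDIT_LOG.append({"user": session.user, "role": session.role,
                          "action": req.action, "zone": req.zone,
                          "path": req.path, "allowed": ok, "reason": reason})
        return ok, reason

    # Directive "No Local Accounts": reject anything not brokered through SSO.
    if not session.idp_issued:
        return decide(False, "session not brokered by SSO")
    # Least privilege: an action absent from the role's set is denied.
    if req.action not in ROLE_ACTIONS.get(session.role, set()):
        return decide(False, f"{session.role} may not {req.action}")
    # Lead engineers write only inside In-Work zones.
    if session.role == "lead_engineer" and req.zone != "in_work":
        return decide(False, "write actions limited to In-Work zones")
    # Vendors are confined to designated Handover folders.
    if session.role == "vendor" and not req.path.startswith(HANDOVER_PREFIX):
        return decide(False, "vendor access restricted to Handover folders")
    # Check-In requires a current MFA assertion from the IdP.
    if req.action in MFA_REQUIRED and not session.mfa_verified:
        return decide(False, "MFA required for this action")
    return decide(True, "ok")
```

Because "release" appears only in the reviewer's action set, the table's "exclusive permission to move to Released" falls out of the least-privilege check rather than needing a special case.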
3. MFA & Conditional Access
- Hardware-Backed Security: Support for FIDO2/U2F keys (YubiKey) to prevent phishing-based credential theft.
- Geofencing & Whitelisting: Restricting access based on verified office locations or secure VPN tunnels.
- Session Risk Scoring: AI-triggered verification if login attempts appear anomalous (unusual time/device).
4. Audit & Compliance Logging
- Login & Access Logs: Every attempt to view a drawing or download a BOM is timestamped and attributed.
- Permission Change Tracking: Permanent record of who authorized elevated privileges for V&V compliance.
- Anomaly Detection: Monitoring for mass-downloading events or unauthorized attempts to access archived vaults.
Technical Directives
| Directive | Protocol |
|---|---|
| No Local Accounts | All access must be brokered through SSO; backdoor local accounts are prohibited. |
| Least Privilege | Users are granted the minimum level of access required for their specific role duties. |
| Periodic Review | Mandatory quarterly audit of all active permissions and external vendor access links. |