Summary:
This article describes how SSO, RBAC, password rules, and zero-trust principles protect access to BrynQ.
BrynQ access security overview
Access to BrynQ is managed with strong authentication, role-based access control, and network security. These measures define who can log in, what they can see, and how they can work in the system.
Single Sign-On (SSO) and identity providers
BrynQ supports enforced Single Sign-On (SSO) using standards such as OAuth2 or SAML.
When SSO is enabled, it cannot be bypassed; users must log in through the chosen identity provider.
SSO supports the full employee lifecycle and enforces access rules before, during, and after employment.
This keeps user identities and access rights aligned with your HR or directory systems.
Role-Based Access Control (RBAC)
BrynQ supports Role-Based Access Control (RBAC) so that access to data and functions depends on the user’s role.
Roles help implement controls for user registration, access provisioning, management of privileged access, and periodic access review.
Access for people without a standard company account is handled with strong authentication and encryption, using the same security principles.
Password policy and credential management
For Salure-developed applications, passwords must meet minimum length requirements and are stored in encrypted form.
For IT-related applications and systems, stronger rules apply: passwords are created and stored using a password manager such as KeePass or LastPass.
Server access is limited to a small group of users and goes through VPN and SSH keys or securely stored Windows credentials.
Zero-trust and segregation of duties
The vendor follows a zero-trust approach with network segmentation and “need-to-know” access.
Segregation of duties and clear security roles are defined in Salure’s organization, which reduces the risk of misuse of powerful accounts.
This supports requirements for separation of duties and protection of program code.
Procedure:
When setting up BrynQ, decide which identity provider you use for SSO and which user groups or roles you need.
Work with your internal IT team to configure SSO via OAuth2 or SAML so that users log in through your central identity platform.
Map your internal job roles (for example HR admin, manager, IT support) to BrynQ roles and use RBAC so each group sees only the data it needs.
Make sure people without a standard company account get controlled access that follows your policies and BrynQ’s authentication options.
Review regularly who has access to BrynQ, focusing on privileged roles, and adjust rights when employees change roles or leave.
Document these access controls in your internal security documentation as part of your zero-trust and least-privilege strategy.
Additional Information:
There are controls for user registration, deregistration, granting of rights, periodic review, and management of secret authentication information.
Salure’s development and infrastructure policies require that access to source code and servers is strictly controlled and monitored.