
GOVERN · SECURITY & IDENTITY

The front door belongs to your identity provider.

Sentinel plugs into the identity provider you already run: single sign-on, automatic provisioning, phishing-resistant MFA, and role-based access enforced on every request. Your IdP stays the source of truth.

Screenshot: SSO settings showing an organization with one SAML and one OIDC identity provider configured, with an attribute-mapping panel and Enabled toggles.

Multiple identity providers per organization — your directory stays the source of truth.

SAML 2.0 + OIDC: single sign-on, multiple IdPs per organization
SCIM 2.0: automatic provisioning; joiners, movers and leavers driven from your directory
8 × 3: permission model, categories × levels, enforced on every API request
AES-256: encryption at rest and in transit; no plaintext on disk or on the wire

Single Sign-On

One login — the one your people already have.

Sentinel authenticates against your existing identity provider over SAML 2.0 or OIDC, with support for multiple IdPs per organization — so staff and partner agencies can each use their own.

  • SAML 2.0 — SHA-256 signed AuthnRequest, signed Response required; metadata URL or XML upload; configurable attribute mapping
  • OIDC — Authorization Code flow with PKCE; discovery URL, client ID and secret, ID-token verification with JWKS rotation
  • Multiple IdPs per organization — each with its own attribute mapping, default role, and group-to-role mapping
  • Verified against Microsoft Entra ID, Okta, Google Workspace, Auth0, and Keycloak
Screenshot: identity providers list showing multi-IdP per organization with one SAML and one OIDC entry, each with status and attribute-mapping summary.

Both IdP-initiated and SP-initiated flows — however your IdP prefers to work.

Provisioning

Joiners, movers, leavers — handled by your directory.

SCIM 2.0 lets your identity provider drive the full user lifecycle — joiners get access automatically, leavers lose it immediately, with no manual account work.

  • Inbound provisioning — your IdP creates, updates, and disables users and groups against a per-organization SCIM endpoint
  • Group-to-role mapping — directory group membership maps to Sentinel roles, configurable per organization
  • Per-integration bearer token — rotatable, stored encrypted, never returned in plaintext
  • Just-in-time provisioning — a user is created on first successful SSO login where SCIM isn't available
Screenshot: RBAC settings page showing built-in roles (Operator, Supervisor, Investigator, Admin) with per-category level toggles and a per-user camera-group scope selector.

Directory group → Sentinel role, with per-camera-group scope per user.

Authorization

Not everyone needs to see everything — and the API enforces it.

Eight permission categories, each with three levels, enforced on every API request — not just hidden in the interface — with per-camera-group scoping for granular control.

  • Eight categories × three levels (none / view / full) — live operations, camera management, watchlist, face search & persons, evidence & signing, audit, lawful-basis maintenance, and administration
  • Built-in roles — Operator, Supervisor, Investigator, and Admin; cloneable and tunable per category
  • Enforced across the API — each guarded endpoint checks the permission and returns a precise denial naming the category that blocked it
  • Per-camera-group scope — a role can be confined to named groups; cross-group requests are refused even with the right category permission
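To make "enforced on every API request" concrete, here is an added, illustrative guard written for this page; it is not Sentinel's code. It uses the eight categories above as keys, the three levels none / view / full, the directory-group-to-role mapping with a per-IdP default role that the Provisioning section describes, and a per-camera-group scope that is checked even when the category permission is sufficient, so a denial always names the category or the scope that blocked the request. The per-role levels, group names, role precedence and function names are assumptions made for the example.

```python
"""Added example (not Sentinel's code): an API-side guard for the permission
model the page describes: eight categories x three levels (none / view / full),
directory group -> role mapping with a default role, and per-camera-group scope.
Category keys, per-role levels, group names, role precedence and function names
are assumptions for illustration."""
from dataclasses import dataclass
from typing import Optional

# The eight categories the page lists, as short keys.
CATEGORIES = (
    "live_operations", "camera_management", "watchlist", "face_search_persons",
    "evidence_signing", "audit", "lawful_basis", "administration",
)
LEVELS = {"none": 0, "view": 1, "full": 2}


@dataclass(frozen=True)
class Role:
    name: str
    levels: dict  # category -> "none" | "view" | "full"; a missing category means "none"

    def level_name(self, category: str) -> str:
        return self.levels.get(category, "none")


# Built-in role names are the page's; the per-category levels are assumed.
ROLES = {
    "Operator": Role("Operator", {"live_operations": "full", "watchlist": "view",
                                  "face_search_persons": "view"}),
    "Supervisor": Role("Supervisor", {"live_operations": "full", "camera_management": "view",
                                      "watchlist": "full", "face_search_persons": "full",
                                      "audit": "view"}),
    "Investigator": Role("Investigator", {"face_search_persons": "full",
                                          "evidence_signing": "full",
                                          "watchlist": "view", "audit": "view"}),
    "Admin": Role("Admin", {c: "full" for c in CATEGORIES}),
}
# If a user's directory groups map to several roles, the first in this order wins (assumed).
ROLE_PRIORITY = ("Admin", "Investigator", "Supervisor", "Operator")

# Per-organization directory group -> role mapping and the IdP default role (assumed names).
GROUP_TO_ROLE = {
    "cctv-operators": "Operator",
    "cctv-supervisors": "Supervisor",
    "investigations": "Investigator",
    "sentinel-admins": "Admin",
}
DEFAULT_ROLE = "Operator"


@dataclass(frozen=True)
class Principal:
    subject: str            # IdP subject / SCIM userName
    groups: tuple           # directory groups delivered by SCIM or SSO attributes
    # None = unscoped (every camera group); an empty set = no camera group at all (fail closed).
    camera_groups: Optional[frozenset] = None


def role_for(principal: Principal) -> Role:
    """Directory group membership -> Sentinel role, falling back to the default role."""
    mapped = {GROUP_TO_ROLE[g] for g in principal.groups if g in GROUP_TO_ROLE}
    for name in ROLE_PRIORITY:
        if name in mapped:
            return ROLES[name]
    return ROLES[DEFAULT_ROLE]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # names the category or the scope that blocked the request


def authorize(principal: Principal, category: str, required: str,
              camera_group: Optional[str] = None) -> Decision:
    """Guard one API request: category level first, then camera-group scope."""
    if category not in CATEGORIES or required not in LEVELS:
        raise ValueError(f"unknown category/level: {category!r}/{required!r}")
    role = role_for(principal)
    have = role.level_name(category)
    if LEVELS[have] < LEVELS[required]:
        return Decision(False, f"denied: {category} requires {required}; "
                               f"role {role.name} has {have}")
    # Scope is checked even when the category permission is sufficient: a
    # cross-group request is refused with the right category permission.
    if (camera_group is not None and principal.camera_groups is not None
            and camera_group not in principal.camera_groups):
        return Decision(False, f"denied: camera group {camera_group!r} is outside "
                               f"the scope of {principal.subject}")
    return Decision(True, f"allowed: {category} at {required} via role {role.name}")


if __name__ == "__main__":
    op = Principal("alice@example.org", ("cctv-operators",), frozenset({"north-station"}))
    for args in (("live_operations", "view", "north-station"),
                 ("live_operations", "view", "south-depot"),
                 ("evidence_signing", "full", None)):
        print(authorize(op, *args).reason)
```

Two design points worth carrying into a real guard: scope is modelled fail-closed (an explicit None means unscoped, an empty set means no camera group at all), and the scope check runs after the category check regardless of outcome, so the denial names whichever gate actually blocked the call.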
Screenshot: RBAC settings showing built-in roles with per-category level toggles and a per-user camera-group scope selector.

Role-based access enforced on every API request, not just in the UI.

Phishing-Resistant MFA

A factor that can’t be phished, fed to a fake page, or read over the phone.

Sentinel supports WebAuthn / FIDO2 for hardware-backed, phishing-resistant authentication — use it as a second factor, a primary factor, or a required step-up for high-stakes actions.

  • Per-user passkeys — register multiple authenticators per person; enrol, use, and remove are each audited
  • Step-up authentication — require a fresh passkey assertion for high-stakes actions; some organizations' policies require evidence and case-file signatures to be backed by a biometric-verified passkey
  • Works with your SSO — layered on top of SAML or OIDC, not a replacement for it
  • No shared secret to leak — the private key never leaves the operator's device
Screenshot: SSO settings panel alongside a WebAuthn passkey enrolment prompt.

Layered on top of SSO — not a replacement for it.

More in Security

Your rules for who stays signed in, from where, and for how long.

Session handover at shift change

The outgoing operator generates a one-time, short-lived code. The incoming operator enters it to claim the working context — open cases, watchlist view, filter state. The outgoing session ends. Two people, one deliberate transfer, both on the record.
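The handover above, as an added example written for this page (not Sentinel's code): the outgoing operator's session gets a one-time, short-lived code; the incoming operator claims it, receives a copy of the working context in a new session, the outgoing session ends, and both the issue and the claim (or the rejection) are written to the audit record. The 90-second lifetime, the 8-digit code format, the in-memory storage layout and the function names are assumptions.

```python
"""Added example (not Sentinel's code): shift-change handover with a one-time,
short-lived code. Claiming the code transfers the working context to the incoming
operator, ends the outgoing session, and audits both sides. The 90-second TTL,
8-digit code, storage layout and function names are assumptions."""
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 90  # assumed; the page says only "short-lived"


@dataclass
class Session:
    session_id: str
    user: str
    context: dict  # open cases, watchlist view, filter state
    active: bool = True


class HandoverService:
    def __init__(self, now=time.time):
        self._now = now
        self._mac_key = secrets.token_bytes(32)  # codes are stored keyed-hashed, not in clear
        self._pending = {}                       # hmac(code) -> (session_id, expires_at)
        self.sessions = {}                       # session_id -> Session
        self.audit = []                          # append-only record of every step

    def _tag(self, code: str) -> str:
        return hmac.new(self._mac_key, code.encode(), "sha256").hexdigest()

    def _log(self, event: str, **fields):
        self.audit.append({"ts": self._now(), "event": event, **fields})

    def register(self, session: Session) -> Session:
        self.sessions[session.session_id] = session
        return session

    def generate(self, outgoing: Session) -> str:
        """Issue a one-time code to the outgoing operator. Any earlier code for the
        same session is invalidated, so only the most recent one can be claimed."""
        if not outgoing.active:
            raise PermissionError("session is not active")
        self._pending = {t: v for t, v in self._pending.items() if v[0] != outgoing.session_id}
        code = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[self._tag(code)] = (outgoing.session_id, self._now() + CODE_TTL_SECONDS)
        self._log("handover.code_issued", by=outgoing.user, session=outgoing.session_id)
        return code

    def claim(self, code: str, incoming_user: str) -> Session:
        """Incoming operator claims the code: single use, not expired, outgoing session
        still live, and a different person; then the context is transferred."""
        entry = self._pending.pop(self._tag(code), None)  # pop first: one use, even on failure
        if entry is None:
            self._log("handover.rejected", by=incoming_user, reason="unknown_or_already_used")
            raise PermissionError("invalid or already used handover code")
        session_id, expires_at = entry
        outgoing = self.sessions.get(session_id)
        if self._now() > expires_at:
            self._log("handover.rejected", by=incoming_user, reason="expired", session=session_id)
            raise PermissionError("handover code expired")
        if outgoing is None or not outgoing.active:
            self._log("handover.rejected", by=incoming_user, reason="outgoing_session_ended",
                      session=session_id)
            raise PermissionError("outgoing session is no longer active")
        if incoming_user == outgoing.user:
            self._log("handover.rejected", by=incoming_user, reason="same_user", session=session_id)
            raise PermissionError("handover must be to a different operator")
        incoming = Session(secrets.token_urlsafe(16), incoming_user, dict(outgoing.context))
        outgoing.active = False  # the outgoing session ends
        self.sessions[incoming.session_id] = incoming
        self._log("handover.claimed", from_user=outgoing.user, to_user=incoming_user,
                  from_session=session_id, to_session=incoming.session_id)
        return incoming

    def sweep(self) -> int:
        """Automatic expiry cleanup: drop codes whose TTL has passed."""
        now = self._now()
        expired = [t for t, (_, exp) in self._pending.items() if now > exp]
        for t in expired:
            del self._pending[t]
        return len(expired)
```

The code is removed from the pending table before any other check, so it is single-use even when the claim fails; the table holds only keyed hashes, so a copy of it does not yield live codes; and a rejected claim is audited with its reason rather than silently dropped.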

Secrets manager

IdP client secrets, SCIM tokens, signing certificates, and agent enrolment tokens are all encrypted at rest, wrapped by a key you control, and never returned or logged in plaintext. Rotating the wrap key re-wraps the keys beneath it; the stored secrets themselves are not re-encrypted.
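The property that matters in that paragraph is envelope encryption: each secret is encrypted under its own data key, the data key is wrapped by a versioned wrap key, and rotating the wrap key re-wraps the data keys while every secret's ciphertext stays byte-for-byte the same. The following is an added example written for this page, not Sentinel's code. The page specifies AES-256 at rest; to stay standard-library only, the example substitutes an HMAC-SHA256 counter-mode keystream with a separate HMAC tag for the cipher; in production use AES-256-GCM (for instance via the `cryptography` package) and keep the wrap key in an HSM or KMS. The names and storage layout are assumptions.

```python
"""Added example (not Sentinel's code): envelope encryption for a secrets store.
Each secret has its own data key (DEK); the DEK is wrapped by a versioned wrap
key (KEK); rotating the KEK re-wraps the DEKs and leaves every ciphertext as is.
The cipher below is an HMAC-SHA256 keystream plus HMAC tag used as a stand-in
for AES-256-GCM so the example runs with the standard library only."""
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, "sha256").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC: returns nonce || tag || ciphertext; aad is bound, not stored."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, "sha256").digest()
    return nonce + tag + ct


def open_(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, tag, ct = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + TAG_LEN], blob[NONCE_LEN + TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key, wrong context or tampered blob")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


class SecretsManager:
    """Holds IdP client secrets, SCIM tokens, signing certs, agent tokens (the page's list)."""

    def __init__(self):
        self._wrap_keys = {1: secrets.token_bytes(32)}  # version -> KEK; an HSM/KMS in practice
        self.wrap_version = 1
        self._store = {}                                # name -> record containing no plaintext

    def put(self, name: str, value: bytes) -> None:
        dek = secrets.token_bytes(32)                   # fresh data key per secret
        self._store[name] = {
            "wrap_version": self.wrap_version,
            "wrapped_dek": seal(self._wrap_keys[self.wrap_version], dek, aad=name.encode()),
            "ciphertext": seal(dek, value, aad=name.encode()),
        }

    def get(self, name: str) -> bytes:
        rec = self._store[name]
        dek = open_(self._wrap_keys[rec["wrap_version"]], rec["wrapped_dek"], aad=name.encode())
        return open_(dek, rec["ciphertext"], aad=name.encode())

    def describe(self, name: str) -> dict:
        """What an API response or log line may carry: metadata only, never the value."""
        rec = self._store[name]
        return {"name": name, "wrap_version": rec["wrap_version"],
                "bytes": len(rec["ciphertext"]) - NONCE_LEN - TAG_LEN}

    def ciphertext_of(self, name: str) -> bytes:
        return self._store[name]["ciphertext"]

    def rotate_wrap_key(self) -> int:
        """Rotate the KEK: re-wrap every DEK under the new version, retire the old
        version, and leave every secret's ciphertext untouched. Returns the count."""
        old, new = self.wrap_version, self.wrap_version + 1
        self._wrap_keys[new] = secrets.token_bytes(32)
        for name, rec in self._store.items():
            dek = open_(self._wrap_keys[old], rec["wrapped_dek"], aad=name.encode())
            rec["wrapped_dek"] = seal(self._wrap_keys[new], dek, aad=name.encode())
            rec["wrap_version"] = new
        self.wrap_version = new
        del self._wrap_keys[old]
        return len(self._store)
```

Binding the secret's name as associated data means a wrapped key or ciphertext copied from one record into another fails to open, and `describe` is the only read path an API or log should use, so no plaintext is ever returned or logged by accident.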

AES-256 encryption

Every byte Sentinel holds — footage, metadata, face embeddings, plate records, event and audit logs, configuration — is encrypted with AES-256 at rest and TLS in transit. Per-organization keys; customer-managed keys for on-premise and air-gapped deployments.

Login security

Repeated failed logins trigger a temporary lockout that an administrator can clear. Auth endpoints are rate-limited. A suspicious geo mismatch triggers a step-up challenge before the session is granted.

Per-organization session policy

Idle timeout, concurrent-session limit, IP allowlist (CIDR), geo allowlist, and optional device binding — each organization sets its own rules and they apply uniformly, cloud or on-premise.
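The login-security and session-policy rules above, as one added example written for this page (not Sentinel's code): a gate that checks the source IP against a CIDR allowlist and a country allowlist before the credential or SSO step, locks an account after repeated failures until the lockout expires or an administrator clears it, asks for a step-up when the login country differs from the previous one, and expires idle sessions. Rate limiting, the concurrent-session limit and device binding are not shown. Thresholds, names and the GeoIP table are assumptions; the table is constructed from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```python
"""Added example (not Sentinel's code): a login gate for the per-organization
policy the page describes: IP allowlist (CIDR), country allowlist, lockout with
admin unlock, step-up on geo mismatch, idle timeout. Thresholds, names and the
GeoIP table are assumptions; the table is constructed from documentation ranges."""
import ipaddress
import time
from dataclasses import dataclass

# Constructed stand-in for a GeoIP lookup.
GEO_TABLE = {ipaddress.ip_network("203.0.113.0/24"): "GB",
             ipaddress.ip_network("198.51.100.0/24"): "US"}


def country_of(ip: str):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), None)


@dataclass(frozen=True)
class OrgPolicy:
    max_failures: int = 5
    lockout_seconds: int = 900
    idle_timeout_seconds: int = 1800
    ip_allowlist: tuple = ()   # CIDR strings; empty = any source
    geo_allowlist: tuple = ()  # ISO country codes; empty = any country


class LoginGate:
    def __init__(self, policy: OrgPolicy, now=time.time):
        self.policy = policy
        self.now = now
        self._failures = {}      # user -> consecutive failed attempts
        self._locked_until = {}  # user -> unix time the lockout ends
        self._last_country = {}  # user -> country of the last successful login
        self._last_seen = {}     # session_id -> last activity time

    def precheck(self, user: str, ip: str) -> str:
        """Run before the credential/SSO step. Returns 'ok' or the reason to refuse."""
        addr = ipaddress.ip_address(ip)
        if self.policy.ip_allowlist and not any(
                addr in ipaddress.ip_network(c) for c in self.policy.ip_allowlist):
            return "refused: source IP not in allowlist"
        cc = country_of(ip)
        if self.policy.geo_allowlist and cc not in self.policy.geo_allowlist:
            # An address with no known country is refused too (fail closed).
            return f"refused: country {cc or 'unknown'} not in allowlist"
        if self._locked_until.get(user, 0) > self.now():
            return "refused: account temporarily locked"
        return "ok"

    def record_failure(self, user: str) -> bool:
        """Count a failed attempt; returns True when this one triggers the lockout."""
        n = self._failures.get(user, 0) + 1
        self._failures[user] = n
        if n >= self.policy.max_failures:
            self._locked_until[user] = self.now() + self.policy.lockout_seconds
            self._failures[user] = 0
            return True
        return False

    def admin_unlock(self, user: str) -> None:
        self._locked_until.pop(user, None)
        self._failures.pop(user, None)

    def record_success(self, user: str, ip: str) -> str:
        """After credentials/SSO succeed: 'step_up_required' when the country differs
        from the user's previous login, otherwise 'session_granted'."""
        self._failures.pop(user, None)
        cc = country_of(ip)
        previous = self._last_country.get(user)
        self._last_country[user] = cc
        if previous is not None and cc != previous:
            return "step_up_required"
        return "session_granted"

    def touch(self, session_id: str) -> bool:
        """Idle-timeout check on each request: False means the session has expired."""
        last = self._last_seen.get(session_id)
        now = self.now()
        if last is not None and now - last > self.policy.idle_timeout_seconds:
            self._last_seen.pop(session_id, None)
            return False
        self._last_seen[session_id] = now
        return True
```

The ordering matters: allowlists are evaluated before the lockout state so an attacker outside the allowed networks learns nothing about which accounts exist or are locked, and the geo-mismatch step-up is decided only after the primary factor succeeds, as the page describes.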

How it works

Sentinel inside your existing identity and SOC stack.

1. Connect your IdP

Register Sentinel in your identity provider, configure one or more SAML or OIDC connections, and map directory groups to Sentinel roles. The IdP stays the source of truth.

2. Provision automatically

Turn on SCIM so joiners, movers, and leavers flow from your directory into Sentinel without manual account work — or use just-in-time creation on first login.

3. Add phishing-resistant MFA

Enrol WebAuthn / FIDO2 passkeys, and require step-up for the highest-assurance actions like evidence signing.

4. Set the rules

Apply your session policy (idle timeout, concurrent limit, IP and geo allowlists) and assign role plus camera-group scope per user.

5. Run, accountably

Every login, role change, passkey enrolment, handover, and guarded action is checked at the API and recorded in the tamper-evident audit.

Specifications

What’s in the identity stack.

SSO — SAML 2.0: IdP- and SP-initiated; SHA-256 signed AuthnRequest, signed Response required; metadata URL or XML upload; configurable entity ID, ACS URL, signing cert, attribute mapping
SSO — OIDC: Authorization Code flow with PKCE; discovery URL, client ID/secret, scopes; ID-token verification with JWKS rotation
Multi-IdP: multiple identity providers per organization; per-IdP attribute mapping, default role, and group-to-role mapping; user choice at login
Verified IdPs: Microsoft Entra ID, Okta, Google Workspace, Auth0, Keycloak — integrations we have verified against, not endorsements
Provisioning: SCIM 2.0 inbound (create / update / disable users and groups); per-org endpoint; rotatable bearer token; group-to-role mapping; just-in-time alternative
MFA: WebAuthn / FIDO2 (Touch ID, Windows Hello, YubiKey); multiple passkeys per user; second factor, primary factor, or required step-up
RBAC: 8 permission categories × 3 levels (none / view / full); built-in Operator / Supervisor / Investigator / Admin; cloneable + customizable; per-camera-group scoping; enforced on every guarded API endpoint
Session policy: per-organization idle timeout, concurrent-session limit, IP allowlist (CIDR), geo allowlist (country codes), optional device binding
Login security: account lockout on repeated failures, auth-endpoint rate limiting, step-up challenge on geo mismatch, admin unlock
Session handover: one-time short-lived code, audit-recorded, context transfer, automatic expiry cleanup
Secrets manager: IdP client secrets, SCIM tokens, signing certs, and agent tokens encrypted at rest; rotatable wrap key; no plaintext logged or returned
Encryption: AES-256 at rest (all tiers); TLS in transit; per-organization keys; customer-managed keys for on-premise / air-gapped
Deployment: identical identity, RBAC, and session enforcement in cloud, on-premise, and air-gapped modes

Standards named here (SAML 2.0, OIDC, SCIM 2.0, WebAuthn / FIDO2, AES-256) are for the architect evaluating the design. Named IdPs are integrations we have verified against — not endorsements.

Fit Sentinel into the identity stack you already trust.

Request demo access and we’ll connect Sentinel to a test identity provider end to end — single sign-on, SCIM provisioning, a passkey step-up, and role-based access enforced on a live API call — then show every one of those actions landing in the audit.