Back to Datawall
Try Brend

Security & Compliance

SSO configuration, role-based access control, and compliance certifications.

Overview

Datawall is built with security at its core. We don't use external models or third-party APIs for processing your data — everything stays within your security perimeter. This page covers our security architecture, compliance certifications, and how to configure security features.

Data Security

Data Isolation

  • All customer data is logically isolated
  • No cross-tenant data access is possible
  • Dedicated infrastructure available for enterprise customers

Encryption

  • In Transit: TLS 1.3 for all connections
  • At Rest: AES-256 encryption for stored data
  • Key Management: Customer-managed keys available (Enterprise)

Data Residency

  • US data centers (default)
  • EU data centers available for GDPR compliance
  • Custom regions available for enterprise customers

Single Sign-On (SSO)

Brend supports enterprise SSO for seamless, secure authentication.

Supported Protocols

  • SAML 2.0 — Okta, Azure AD, OneLogin, Ping Identity
  • OIDC — Google Workspace, Auth0, Keycloak

Configuring SAML SSO

  1. Go to Settings → Security → SSO
  2. Select SAML 2.0
  3. Enter your Identity Provider details:
    • SSO URL
    • Entity ID
    • X.509 Certificate
  4. Download the Brend SP metadata for your IdP configuration
  5. Test the connection
  6. Enable SSO enforcement (optional)

Configuring OIDC SSO

  1. Go to Settings → Security → SSO
  2. Select OIDC
  3. Enter your provider details:
    • Client ID
    • Client Secret
    • Discovery URL (or manual endpoint configuration)
  4. Configure redirect URIs in your IdP
  5. Test the connection

Role-Based Access Control (RBAC)

Define granular permissions at multiple levels:

Standard Roles

Role Permissions
Owner Full access including billing and deletion
Admin Manage team, settings, and all workflows
Editor Create, edit, and deploy workflows
Viewer Read-only access to workflows and reports

Custom Roles (Enterprise)

Enterprise customers can create custom roles with specific permissions:

  • Workflow permissions (create, edit, delete, deploy)
  • Knowledge base permissions (view, edit, manage sources)
  • Team permissions (invite, manage roles)
  • Integration permissions (connect, configure)
  • Audit log access

Audit Logging

Complete audit trail of all actions in your workspace:

  • User Actions: Login, logout, password changes
  • Workflow Actions: Create, edit, delete, deploy, run
  • Data Access: Knowledge base queries and results
  • Admin Actions: User management, settings changes

Log Retention

  • Standard: 90 days
  • Enterprise: 1 year (configurable up to 7 years)

Log Export

Export logs to your SIEM or log management system:

  • API access to audit logs
  • Webhook notifications for real-time events
  • Integration with Splunk, Datadog, and other platforms

Compliance Certifications

Certification Status
SOC 2 Type II Certified
GDPR Compliant (DPA available)
HIPAA Ready (BAA available for Enterprise)
ISO 27001 In progress

Request compliance documentation from your account manager or contact us.

Security Best Practices

  • Enable SSO and disable password authentication
  • Use the principle of least privilege for role assignments
  • Regularly review audit logs and access permissions
  • Enable multi-factor authentication for admin accounts
  • Use environment variables for sensitive data in workflows
  • Regularly rotate API keys and secrets

Next Steps