
Security Overview

SignalSync provides enterprise-grade security features to protect your data, control access, and ensure secure integration with external systems. As a Tenant Administrator, you have comprehensive tools to configure authentication policies, manage user access, and secure API integrations.

Security Architecture

SignalSync implements a multi-layered security approach:

Identity & Access Management

  • Role-Based Access Control (RBAC) using profiles
  • Multi-tenant architecture with complete data isolation
  • Flexible authentication options including traditional credentials and enterprise SSO

Data Protection

  • Encryption of data in transit with TLS (this protects the connection between the client and SignalSync; it is transport encryption, not end-to-end encryption of the data itself)
  • Secure credential storage with industry-standard encryption
  • Regular security audits and compliance monitoring

API Security

  • Token-based authentication for external integrations
  • Configurable rate limiting to prevent abuse
  • Granular permission controls for API access

Available Security Features

Password Policy Configuration

Define and enforce password security requirements across your organization to ensure strong credential protection.

Key Capabilities:

  • Minimum password length requirements (8-32 characters)
  • Complexity rules (uppercase, lowercase, numbers, special characters)
  • Password expiration policies
  • Password history to prevent reuse
  • Account lockout after failed login attempts
  • Password strength validation in real-time
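The following Python model shows how the capabilities listed above fit together: a policy object, a salted PBKDF2 hash for stored credentials, a reuse check against the hashes of previous passwords, expiration, and lockout after repeated failures. It is added here as an illustration and is not SignalSync's own implementation; the names PasswordPolicy, Account, set_password and attempt_login, and the defaults they carry, are assumptions for the example, since this page does not describe the platform's internal data model.

```python
"""Password policy enforcement model: complexity rules, reuse history,
expiration and lockout. Added illustration, not SignalSync's own code."""
import hashlib
import hmac
import os
import string
import time
from dataclasses import dataclass, field
from typing import List, Optional

PBKDF2_ITERATIONS = 600_000  # OWASP guidance for PBKDF2-HMAC-SHA256


@dataclass
class PasswordPolicy:              # assumed shape; defaults are illustrative
    min_length: int = 12
    max_length: int = 32           # matches the 8-32 range on this page
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    history_size: int = 5          # previous passwords remembered for the reuse check
    max_age_days: int = 90         # 0 disables expiration
    lockout_threshold: int = 5     # failed attempts before lockout
    lockout_seconds: int = 900


@dataclass
class Account:
    username: str
    password_hash: Optional[bytes] = None
    password_set_at: float = 0.0
    history: List[bytes] = field(default_factory=list)  # hashes of old passwords, newest first
    failed_attempts: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2 hash; the 16-byte salt is stored in front of the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(stored: bytes, candidate: str) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(hash_password(candidate, salt)[16:], digest)


def check_complexity(policy: PasswordPolicy, password: str) -> List[str]:
    """Return the violated rules; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if len(password) > policy.max_length:
        problems.append(f"longer than {policy.max_length} characters")
    if policy.require_upper and not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if policy.require_lower and not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if policy.require_digit and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy.require_special and not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def set_password(policy: PasswordPolicy, account: Account, new_password: str,
                 now: Optional[float] = None) -> List[str]:
    """Apply a new password; returns the violations, or an empty list on success."""
    now = time.time() if now is None else now
    problems = check_complexity(policy, new_password)
    if problems:
        return problems
    # Reuse is detected against stored hashes; old passwords are never kept in clear
    previous = ([account.password_hash] if account.password_hash else []) + account.history
    if any(verify_password(old, new_password) for old in previous):
        return ["password was used recently"]
    if account.password_hash:
        account.history.insert(0, account.password_hash)
        del account.history[policy.history_size:]
    account.password_hash = hash_password(new_password)
    account.password_set_at = now
    return []


def attempt_login(policy: PasswordPolicy, account: Account, password: str,
                  now: Optional[float] = None) -> str:
    """Returns 'ok', 'expired', 'bad_password' or 'locked'."""
    now = time.time() if now is None else now
    if now < account.locked_until:
        return "locked"               # do not evaluate the password while locked out
    if account.password_hash is None or not verify_password(account.password_hash, password):
        account.failed_attempts += 1
        if account.failed_attempts >= policy.lockout_threshold:
            account.locked_until = now + policy.lockout_seconds
            account.failed_attempts = 0
            return "locked"
        return "bad_password"
    account.failed_attempts = 0       # a good login clears the counter
    if policy.max_age_days and now - account.password_set_at > policy.max_age_days * 86400:
        return "expired"              # authenticated, but must change the password first
    return "ok"
```

The lockout branch reports "locked" for the attempt that crosses the threshold and for every attempt until the window ends, without checking the password in the meantime, so an attacker gains nothing from continuing to guess; the expiration check runs only after a successful verification so that the "expired" response cannot be used as a password oracle.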

Use Cases:

  • Support compliance with industry security standards such as ISO 27001. Note that NIST SP 800-63B favours length, screening against known-breached passwords and MFA over composition rules and scheduled expiration, so enable complexity and expiration rules where your own standard requires them rather than by default
  • Implement custom password policies aligned with organizational security requirements
  • Reduce risk of credential-based attacks through strong password requirements

Who Should Use This: All Tenant Administrators should configure password policies to establish baseline security for user accounts.

Learn more about Password Policy Configuration →

OAuth2 Configuration

Enable seamless single sign-on (SSO) integration with enterprise identity providers for streamlined authentication and enhanced security.

Supported Provider:

  • Microsoft Entra ID (Azure AD) - Connect with Microsoft 365 and Azure Active Directory for enterprise SSO
Additional Providers

SignalSync currently supports Microsoft Entra ID as the OAuth2 provider. If your organization requires additional OAuth2 providers (Google Workspace, Okta, etc.), please contact SignalSync Support at [email protected]

Key Capabilities:

  • Simplified user authentication without separate SignalSync passwords
  • Centralized identity management through your existing IdP
  • Automatic user provisioning and profile synchronization
  • Leverage existing MFA/2FA policies from your identity provider
  • Reduced IT overhead for password resets and account management

Security Benefits:

  • Single point of authentication control
  • Inherit enterprise-grade security policies from IdP
  • Faster account deactivation when employees leave
  • Audit trail through centralized identity system
  • Reduced password fatigue and credential reuse

Use Cases:

  • Organizations with existing Microsoft 365 deployments
  • Enterprises requiring centralized identity management
  • Companies with strict compliance requirements for authentication
  • Teams seeking to eliminate password management overhead

Who Should Use This: Organizations with established identity providers who want to leverage existing authentication infrastructure and security policies.

Learn more about OAuth2 Configuration →

Two-Factor Authentication (2FA)

Add an extra layer of security by requiring users to verify their identity with a time-based one-time password (TOTP) in addition to their regular credentials.

Key Capabilities:

  • Organization-wide Enforcement - Tenant Administrators can mandate 2FA for all users
  • TOTP Authenticator Support - Compatible with Google Authenticator, Microsoft Authenticator, and other TOTP apps
  • Email Verification Fallback - Users can receive verification codes via email if they don't have access to their authenticator device. Because this fallback reduces the second factor to control of the user's mailbox, make sure mailboxes are themselves protected by MFA
  • Flexible Configuration - Enable 2FA enforcement globally or allow users to opt-in voluntarily

How It Works:

  1. Users scan a QR code with their authenticator app during setup
  2. App generates time-based 6-digit codes that refresh every 30 seconds
  3. Users enter their password plus the current code when logging in
  4. Email verification provides emergency access if authenticator device is unavailable

OAuth2 Integration: Users who authenticate via Microsoft OAuth2 are exempt from SignalSync's 2FA system. Instead, they rely on the multi-factor authentication policies configured in Microsoft Entra ID. The "Enforce Organization-wide Two-Factor Authentication" toggle does not affect OAuth2 users, so confirm that your Entra ID tenant actually requires MFA for them (for example through a Conditional Access policy); otherwise those users sign in with a single factor.

Security Benefits:

  • Protection against password compromise and credential theft
  • Compliance with security frameworks requiring multi-factor authentication
  • Significantly reduced risk of unauthorized account access
  • User-controlled security device (phone/tablet)

Use Cases:

  • Organizations handling sensitive or confidential data
  • Compliance requirements (HIPAA, SOC 2, GDPR)
  • High-security environments requiring defense-in-depth
  • Protecting privileged administrator accounts

Who Should Use This: All organizations should consider 2FA, particularly those in regulated industries or handling sensitive information. Essential for administrator accounts.

Learn more about Two-Factor Authentication →

API Keys Management

Create and manage secure authentication tokens for integrating SignalSync with external applications and services through Rule Chains endpoints.

Key Capabilities:

  • Secure Token Generation - Create unique API keys for each external integration
  • Flexible Expiration Policies - Set expiration from 1 day to never; prefer a finite lifetime so a leaked key cannot be used indefinitely
  • Rate Limiting - Configure request limits to prevent abuse (default: 100 requests/60 seconds)
  • Enable/Disable Controls - Temporarily revoke access without deleting keys
  • User Assignment - Associate keys with specific users for audit tracking

Authentication Method: External applications authenticate by including the API key in the x-api-key header when making requests to SignalSync's External Rule Chain endpoints. The key is a bearer secret: send it only over HTTPS, never put it in a URL query string, and keep it out of request logs.

Current Integration Scope: API keys are currently used exclusively for authenticating requests to External Rule Chain endpoints. Future releases will extend functionality to support additional API operations with granular permission controls.

Security Features:

  • One-time key display (keys cannot be retrieved after creation)
  • Configurable rate limiting to contain abuse from a leaked or misbehaving key
  • Ability to rotate keys without service disruption (issue the replacement, switch the integration over, then disable the old key)
  • Usage tracking with "Last Used" timestamps
  • Masked key display in management interface
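To make the key lifecycle concrete, here is an added Python model of the controls listed above; it is not SignalSync's implementation, whose internals this page does not describe. The plaintext key is returned exactly once and only a hash is kept, each key carries an expiry and a user for audit, keys can be disabled without deletion, requests are rate limited per key with a sliding window of 100 requests per 60 seconds, a last-used timestamp is recorded, and the management view shows a masked value. The ss_<id>_<secret> key format, the ApiKeyService class and the constructed request headers are assumptions for the example.

```python
"""API-key lifecycle model: one-time display with hashed storage, expiry,
enable/disable, per-key rate limiting, last-used tracking and masked listing.
Added illustration, not SignalSync's implementation."""
import hashlib
import hmac
import secrets
import time
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional, Tuple

RATE_LIMIT = 100      # page default: 100 requests ...
RATE_WINDOW = 60      # ... per 60 seconds
KEY_PREFIX = "ss"     # assumed format: ss_<key id>_<secret>


@dataclass
class ApiKeyRecord:
    key_id: str
    key_hash: str                      # SHA-256 of the full key; the key itself is never stored
    owner: str                         # user the key is assigned to, for audit tracking
    expires_at: Optional[float]        # None means "never expires"
    enabled: bool = True
    last_used: Optional[float] = None
    hits: Deque[float] = field(default_factory=deque)   # request timestamps inside the window


class ApiKeyService:
    def __init__(self) -> None:
        self.keys: Dict[str, ApiKeyRecord] = {}

    @staticmethod
    def _digest(full_key: str) -> str:
        # A plain hash suffices: the secret is 256 random bits, so unlike a human-chosen
        # password it cannot be recovered from the hash by guessing.
        return hashlib.sha256(full_key.encode()).hexdigest()

    def create(self, owner: str, ttl_days: Optional[int], now: Optional[float] = None) -> str:
        """Return the full key exactly once; afterwards only its hash and id remain."""
        now = time.time() if now is None else now
        key_id = secrets.token_hex(4)
        full_key = f"{KEY_PREFIX}_{key_id}_{secrets.token_hex(32)}"
        expires_at = None if ttl_days is None else now + ttl_days * 86400
        self.keys[key_id] = ApiKeyRecord(key_id, self._digest(full_key), owner, expires_at)
        return full_key

    def masked(self, key_id: str) -> str:
        """What a management view shows: the id identifies the key, the secret stays hidden."""
        return f"{KEY_PREFIX}_{key_id}_****"

    def set_enabled(self, key_id: str, enabled: bool) -> None:
        self.keys[key_id].enabled = enabled

    def rotate(self, old_id: str, ttl_days: Optional[int], now: Optional[float] = None) -> str:
        """Issue a replacement for the same owner. The old key keeps working until
        set_enabled(old_id, False), so the integration can switch over without downtime."""
        return self.create(self.keys[old_id].owner, ttl_days, now)

    def authenticate(self, headers: Dict[str, str], now: Optional[float] = None) -> Tuple[int, str]:
        """Validate the x-api-key header of an incoming request. Returns (HTTP status, detail)."""
        now = time.time() if now is None else now
        lowered = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
        presented = lowered.get("x-api-key", "")
        parts = presented.split("_")
        if len(parts) != 3 or parts[0] != KEY_PREFIX:
            return 401, "missing or malformed x-api-key"
        rec = self.keys.get(parts[1])
        # Same answer for an unknown id and a wrong secret, and a constant-time hash compare
        if rec is None or not hmac.compare_digest(rec.key_hash, self._digest(presented)):
            return 401, "invalid api key"
        if not rec.enabled:
            return 403, "api key disabled"
        if rec.expires_at is not None and now >= rec.expires_at:
            return 403, "api key expired"
        while rec.hits and rec.hits[0] <= now - RATE_WINDOW:   # drop hits outside the window
            rec.hits.popleft()
        if len(rec.hits) >= RATE_LIMIT:
            return 429, "rate limit exceeded"
        rec.hits.append(now)
        rec.last_used = now
        return 200, rec.owner
```

Embedding the key id in the key itself lets a request log or an error message name the key without revealing the secret, which is also what makes the masked listing useful when tracing which integration is hitting the rate limit.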

Use Cases:

  • Triggering maintenance workflows from external building management systems
  • Integrating IoT sensors and alarm systems with SignalSync workflows
  • Connecting third-party software to SignalSync's business logic
  • Building custom integrations with external vendor solutions
  • Automating business processes across multiple systems

Who Should Use This: Tenant Administrators responsible for external system integrations, particularly when connecting building management systems, IoT platforms, or third-party business applications.

Learn more about API Keys Management →

Security Best Practices

For Tenant Administrators

Access Control:

  • Review and update password policies quarterly
  • Enable organization-wide 2FA for all users, especially administrators
  • Use OAuth2 for organizations with existing identity providers
  • Regularly audit user accounts and remove inactive users
  • Implement principle of least privilege for user roles

API Security:

  • Rotate API keys every 30-90 days
  • Use separate API keys for each external integration
  • Enable rate limiting on all API keys
  • Disable or delete unused API keys promptly

Monitoring & Auditing:

  • Review security settings regularly
  • Track API key usage and expiration dates
  • Document security configuration decisions
  • Maintain inventory of active integrations and their API keys

For End Users

Password Hygiene:

  • Use unique passwords for SignalSync (don't reuse from other services)
  • Enable 2FA on your account even if not required
  • Store backup codes in a secure location
  • Report suspicious login attempts immediately
  • Never share your credentials or 2FA codes

Authentication Best Practices:

  • Prefer OAuth2 authentication when available
  • Log out when using shared computers
  • Use password managers to generate and store strong passwords
  • Keep authenticator apps updated
  • Report lost devices with authenticator apps to administrators immediately

Security Compliance

SignalSync's security features support compliance with common frameworks and regulations:

Industry Standards:

  • ISO 27001 - Password policies, access controls, and audit capabilities
  • SOC 2 - Data protection, authentication, and monitoring controls
  • NIST Cybersecurity Framework - Multi-factor authentication and access management

Regulatory Requirements:

  • GDPR - Data protection and access control capabilities
  • HIPAA - Authentication, authorization, and audit trail features (for healthcare customers)
  • PCI DSS - Strong authentication and secure credential storage
Compliance Note

While SignalSync provides security controls that support compliance efforts, achieving full compliance requires implementing appropriate organizational policies and procedures beyond the platform's technical capabilities. Consult with your compliance team to ensure proper configuration.

Getting Help

For Tenant Administrators:

  • Refer to individual feature documentation pages for detailed configuration instructions
  • Contact SignalSync Cloud Administrators for advanced security requirements
  • Review release notes for security enhancements and updates

For End Users:

  • Contact your Tenant Administrator for account security issues
  • Report security concerns through your organization's security incident response process
  • Reference user guides for authentication and password management

Security Incidents: If you suspect a security breach, unauthorized access, or compromised credentials:

  1. Immediately disable the affected account or API key
  2. Notify your Tenant Administrator or security team
  3. Document the incident details
  4. For platform-level security concerns, contact SignalSync support

What's Next?

Recommended Security Configuration Steps:

  1. Configure Password Policy - Establish baseline password requirements for all users
  2. Enable OAuth2 (if applicable) - Integrate with your existing identity provider
  3. Enforce 2FA - Require multi-factor authentication for enhanced security
  4. Create API Keys - Set up secure integrations with external systems
  5. Document Policies - Record your security configuration and communicate to users
  6. Schedule Reviews - Plan regular security audits and policy updates

Each security feature can be configured independently based on your organization's specific requirements. Start with password policies and progressively implement additional security layers as needed.

Summary

SignalSync provides comprehensive security controls that enable organizations to:

  • Enforce strong authentication policies through password requirements and 2FA
  • Leverage existing identity infrastructure via OAuth2 integration
  • Secure external integrations with managed API keys
  • Maintain granular access control through RBAC

By properly configuring these security features, Tenant Administrators can build a defense-in-depth security posture that protects organizational data while maintaining user productivity and system integration capabilities. For detailed configuration instructions and best practices, refer to the individual feature documentation pages linked throughout this overview.