Security

Corteza aims to be indisputably trustworthy in its motivations and in its approach to design, development and maintenance of the platform. Organisations should feel that their chosen digital work platform is always under their control, always protected and always developed in their best interests.

Authentication makes heavy use of the OpenID Connect Protocol (OIDC). “Login with Google” and “Login with Github” are enabled by default. However, the backend support for OIDC is extensive. For more information, see (reference)

Authentication can also be extended to include support for the DAASI Didmos Suite, which includes support for the PrivacyIDEA suite of Multi-factor Authentication protocols.

Corteza includes a fine-grained RBAC (Role-Based Access Control) system. Role creation is unlimited with users being able to inhabit multiple roles simultaneously, if required. Permissions can be set for across the full spectrum ranging from general access to field level read and update activities for individual fields.