Access Control & Identity Management Policy

Purpose

Define how identities are managed and how access to Perfect Wiki systems and customer data is provisioned, authenticated, authorized, reviewed, and revoked.

Scope

Applies to all Perfect Wiki personnel, contractors, customer end-users, and integrations.

Policy — end users (customers)

  • End-user authentication is supported via Microsoft Entra SSO, Google Workspace SSO, and passwordless email one-time code. No passwords are stored by Perfect Wiki.
  • Multi-factor authentication is inherited from the customer's identity provider. Customers are responsible for enforcing MFA on Microsoft or Google for their users.
  • For Microsoft Entra logins, the user's email must belong to one of the organization's verified domains (anti-nOAuth-abuse check).
  • Role-based access control is enforced server-side on every API endpoint via middleware. Roles include Admin, Editor, and Viewer. The least-privilege principle is applied.
  • Customer admins are responsible for inviting, removing, and reviewing access of users within their organization.
  • Session tokens are stored in secure, HTTP-only cookies and expire on logout or after extended inactivity.
  • API access for the Public API uses opaque bearer tokens that can be regenerated at any time; regenerating immediately invalidates the previous token. Tokens are rate-limited.
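The verified-domain rule for Microsoft Entra logins above, written out as an added example; this is not Perfect Wiki's code. It assumes a decoded ID token is available as a dict of claims (`tid`, `email`), an organization record carrying its verified domains, and (going one step beyond the policy text) that the organization's own Entra tenant id is known, so a token from any other tenant is refused before the email claim is even looked at.

```python
# Added example, not Perfect Wiki's implementation. The Organization record,
# the claim names and the sample values below are assumptions / constructed data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Organization:
    name: str
    verified_domains: frozenset  # lower-cased domains the org has proven it owns
    entra_tenant_id: str         # Entra "tid" the org registered with (assumption)


def email_domain(email):
    """Return the lower-cased domain of an email claim, or None if malformed."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, _, domain = email.partition("@")
    if not local or not domain.strip():
        return None
    return domain.strip().lower()


def entra_login_allowed(claims, org):
    """Decide whether the claims of an Entra ID token may sign in to `org`.

    Returns (allowed, reason). The email claim can be set by any tenant admin,
    so it is trusted only when the token was issued by the org's own tenant AND
    the domain is on the org's verified list. A subdomain of a verified domain
    is not accepted unless it was verified itself.
    """
    if claims.get("tid") != org.entra_tenant_id:
        return False, "token issued by a tenant that is not the organization's"
    domain = email_domain(claims.get("email"))
    if domain is None:
        return False, "no usable email claim"
    if domain not in org.verified_domains:
        return False, f"domain {domain} is not verified for {org.name}"
    return True, "ok"


# Constructed sample organization used for the stand-alone demo below.
SAMPLE_ORG = Organization("Acme", frozenset({"acme.example"}), "tenant-acme")

if __name__ == "__main__":
    for claims in ({"tid": "tenant-acme", "email": "Alice@ACME.example"},
                   {"tid": "tenant-other", "email": "alice@acme.example"},
                   {"tid": "tenant-acme", "email": "alice@mail.acme.example"}):
        print(claims, "->", entra_login_allowed(claims, SAMPLE_ORG))
```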

Policy — production access (Perfect Wiki personnel)

  • Access to production systems (Google Cloud project, Firestore, Cloud Storage, Pub/Sub, Redis) is restricted to a documented list of Authorized Personnel.
  • Production access is granted only after employment / contract terms (including an NDA) are signed, a background check is completed, and the need for access is justified.
  • Authentication to production uses the personnel member's Google Workspace identity with mandatory MFA on the IdP.
  • Privileged roles (project owner, service-account key holder) are limited to the minimum number of people required to keep the service running.
  • Access is reviewed at least quarterly and revoked within 24 hours of role change or termination.
  • Production access activity is logged via Google Cloud Audit Logs.

Roles & responsibilities

  • CEO/CTO: Approves all production access grants and conducts quarterly reviews.
  • Customer Admins: Manage their own organization's users.

Review cadence

Reviewed annually; quarterly access reviews of production accounts.