SaaS
SaaS access baseline
Role gates, MFA, IP allowlist, audit log — a sensible starting point for any B2B SaaS.
What this package does
A pragmatic baseline for B2B SaaS backends. Role-gated entry, MFA on every privileged session, optional IP allowlist for admin surfaces, PII redaction, and a 1-year immutable audit log. Use this when you don't have an industry-specific package yet.
Designed for
- Internal tools and admin consoles
- B2B SaaS backends
- AI agents calling internal CRMs
What's included
- Role-gated entry (admin role by default)
- MFA ≤ 15 minutes
- Configurable IP allowlist
- PII redaction + 1-year audit
Controls in this bundle
Profile tiers
Switch profiles in Studio to retune default thresholds across the whole bundle without rewriting any control by hand. This package ships at recommended — anything you've already tightened by hand is preserved on switch.
Every control in this package uses identical parameters across all four profiles. Switching profile in Studio has no effect here.
Attestation
The canonical hash of these bundle bytes is sha256:b44929ca13eb6637f668795cbc0103f3d97c958770a6908ff307a0b1b2ce0569. The same hash is computed at lock time, at Stripe checkout, and again on the runtime side before any byte is honored.
Want to customize first? Opening this package in Studio prefills the canvas with the 5 controls above. You can add, remove, or retune any of them before you lock the hash and pay.