Security
Zero-trust admin console
IP allowlist, 5-min MFA, dual approval, breach threshold — defense-in-depth for privileged surfaces.
What this package does
Hardened guardrails for admin consoles and internal tooling. Every privileged session requires re-authentication within 5 minutes, access is restricted to declared CIDRs, any action that touches sensitive records requires a second approver, and every event writes to an immutable audit log.
Designed for
- Internal admin tools and back-offices
- Security operations consoles
- Infrastructure control planes
What's included
- IP allowlist (configure your org CIDRs)
- MFA freshness ≤ 5 minutes on privileged actions
- Dual approval before high-impact writes
- Breach alert @ 100 records
- Immutable 7-year audit trail
Controls in this bundle
Profile tiers
Switch profiles in Studio to retune default thresholds across the whole bundle without rewriting any control by hand. This package ships at strict — anything you've already tightened by hand is preserved on switch.
Every control in this package uses identical parameters across all four profiles. Switching profile in Studio has no effect here.
Attestation
The canonical hash of these bundle bytes is sha256:088b114cd70ad734fd327b423e11e7a66205a9d3d6442e628d43ac62cda442b9. The same hash is computed at lock time, at Stripe checkout, and again on the runtime side before any byte is honored.
Want to customize first? Opening this package in Studio prefills the canvas with the 8 controls above. You can add, remove, or retune any of them before you lock the hash and pay.