FortressFortress · Identity and access

Multi-tenant by design.
Enforced on each record.

Fortress is the identity and access plane under every Appriana product. Isolation, identity, and access are first-class parts of the offering. This page says how.

/orgs/acme/ns/production/…
01 · Tenancy

Isolation lives at query time. Settled before a row is read.

Bound at the query

Every read passes through a tenant-aware query layer with a resolved tenant context attached. The scope of the result is fixed before the database runs the statement.

Scoped by path

Tenancy is carried on every record. Resources live on paths such as /orgs/acme, and reads stay inside the caller's path.

Systems held to the same rule

Internal services and scheduled jobs run inside a tenant context of their own. Cross-tenant elevation exists only where it is needed, and it runs through controlled paths.

requestGET /orgs/acme/ns/production/bloom/reports/Q1
contextprincipal = aylin@acme.com  ·  org = acme
scopeorg = acme fixed before the first row is read
resultrows from /orgs/acme/** and nowhere else
02 · Identity

One identity. Many ways to reach it.

Multiple identifiers

A work email, a personal email, a legacy username, a phone number. Identifiers can be added, verified, and retired while the identity holds steady.

Multiple credentials

A password, a SAML assertion, an OAuth grant, an API key. Each credential attaches to the same principal, and each one is revocable on its own.

Humans and services

Service accounts are first-class principals, distinct from human users, with rotating keys and scopes of their own.

Realms

A Realm is the boundary an identity belongs to. Internal staff, customer users, and contractor populations each get their own, with policy to match.

PolicyInternal staffCustomer users
Self-registrationDisabledInvite-only, or open
Email verificationRequiredRequired
MFAEnforcedEnforced, or optional
SSOSAML or OIDC, requiredSAML, OIDC, or password
03 · Access

Permissions on a path. Scoped to the resource.

/orgs/acme/ns/production/bloom/reports/Q1one report
/orgs/acme/ns/production/bloom/**a product, inside one namespace
/orgs/acme/**the whole organization

Permissions, roles, groups

Permissions are atomic: read, write, delete, execute, admin. Roles bundle permissions. Groups collect principals. Grants bind groups to roles on a path.

DENY beats ALLOW

Where grants overlap, an explicit DENY wins. Exceptions have to be stated, and stated exceptions are easy to audit.

Sessions

Administrators see every active session with its IP, device fingerprint, and start time. Sessions are revocable one at a time, or all at once.

04 · On your side

What this looks like from your seat.

Authentication

SSO with your IdP

SAML or OIDC. Your team signs in the way it already does.

Policy

MFA at the Realm level

MFA is set on the population, so it covers everyone it should.

Roles

Granular access for your teams

Read-only executives, admin operators, and contractors scoped to exactly what they need.

Incident response

Sessions your admins revoke

Your team revokes sessions directly, without a support ticket.

Isolation

Tenancy held at query time

Your data and another customer's data stay out of each other's reach.

Vendor access

Appriana staff in a separate Realm

Any required access runs through Fortress itself, in a realm of its own.

Vetting Appriana for enterprise rollout?
Bring your security team.

A 30 minute briefing covers tenancy, access controls, and security posture, in direct conversation with the people who build and operate the platform.