Fortress is the identity and access plane under every Appriana product. Isolation, identity, and access are first-class parts of the offering. This page says how.
Every read passes through a tenant-aware query layer with a resolved tenant context attached. The scope of the result is fixed before the database runs the statement.
Tenancy is carried on every record. Resources live on paths such as /orgs/acme, and reads stay inside the caller's path.
Internal services and scheduled jobs run inside a tenant context of their own. Cross-tenant elevation exists only where it is needed, and it runs through controlled paths.
A work email, a personal email, a legacy username, a phone number. Identifiers can be added, verified, and retired while the identity holds steady.
A password, a SAML assertion, an OAuth grant, an API key. Each credential attaches to the same principal, and each one is revocable on its own.
Service accounts are first-class principals, distinct from human users, with rotating keys and scopes of their own.
A Realm is the boundary an identity belongs to. Internal staff, customer users, and contractor populations each get their own, with policy to match.
| Policy | Internal staff | Customer users |
|---|---|---|
| Self-registration | Disabled | Invite-only, or open |
| Email verification | Required | Required |
| MFA | Enforced | Enforced, or optional |
| SSO | SAML or OIDC, required | SAML, OIDC, or password |
/orgs/acme/ns/production/bloom/reports/Q1one report/orgs/acme/ns/production/bloom/**a product, inside one namespace/orgs/acme/**the whole organizationPermissions are atomic: read, write, delete, execute, admin. Roles bundle permissions. Groups collect principals. Grants bind groups to roles on a path.
Where grants overlap, an explicit DENY wins. Exceptions have to be stated, and stated exceptions are easy to audit.
Administrators see every active session with its IP, device fingerprint, and start time. Sessions are revocable one at a time, or all at once.
SAML or OIDC. Your team signs in the way it already does.
MFA is set on the population, so it covers everyone it should.
Read-only executives, admin operators, and contractors scoped to exactly what they need.
Your team revokes sessions directly, without a support ticket.
Your data and another customer's data stay out of each other's reach.
Any required access runs through Fortress itself, in a realm of its own.
A 30 minute briefing covers tenancy, access controls, and security posture, in direct conversation with the people who build and operate the platform.