Access Control and Authentication

  1. Least Privilege

    atwork defines clear roles and permissions for developers, administrators, and users, each with its own access rules and authentication requirements.

    Access to systems and data is based on the principle of least privilege. Developers use MFA-protected Azure Entra ID access. Admins manage users and surveys within the application; they are subject to strict password policies and role-based access restrictions. Users can manage their own profiles and participate in surveys.

  2. Authentication

    Access to AWS SES is restricted to authorized developers and protected by multi-factor authentication. Access to Azure OpenAI is exclusively via managed identities with role-based access control (RBAC).

    There is no multi-factor authentication for administrators and users.

  3. Passwords

    All users, including those with supervisor roles, must use passwords with at least 12 characters, including at least one uppercase letter, one lowercase letter, one number, and one special character.

  4. Access logging & session management

    For additional security, all logins and access events are logged so that activity can be fully traced if necessary. Sessions are automatically terminated after a period of inactivity to prevent misuse.