Tenant isolation
All workspace data is scoped to an organization boundary. API tokens, integration endpoints, and exports are tied to a single organization and cannot cross tenants.
Security
Enterprise security, built in
IndexBox Tenders is designed for enterprise procurement teams that need strict data isolation, secure integrations, and auditable access controls. Security is enforced at the infrastructure layer, in the application model, and in every integration workflow.
Security pillars
Core controls we apply across the platform.
Secure integrations
Outbound integrations require HTTPS in production, block private or loopback hosts, and can be allowlisted. Webhooks are signed and versioned.
Identity controls
SSO (OIDC or SAML) and SCIM provisioning are available for enterprise tenants, with role-based admin controls and test login flows.
Auditable operations
Token creation, last-used timestamps, delivery status, and integration events are recorded so teams can trace activity and investigate issues.
Infrastructure & environment isolation
Production, staging, and development environments are separated to protect customer data.
- Separate environment configurations and secrets are used for production, staging, and development.
- Production data stays in production; non-production workflows operate on isolated datasets.
- Organization-level scoping ensures data access, integrations, and exports remain within the correct tenant.
Identity, access, and roles
Admin-only controls with enterprise identity integrations.
Role-based controls
- Only Owners and Admins can manage integrations, tokens, and SSO settings.
- SCIM provisioning maps groups to roles for controlled access.
SSO & SCIM
- OIDC and SAML support enterprise identity providers with test login validation.
- SCIM tokens can be revoked instantly and are scoped to a single organization.
Integration security
Defensive controls applied to every integration workflow.
Outbound webhook safety
- HTTPS is required in production; credentials in URLs are rejected.
- Private, loopback, and link-local hosts are blocked and DNS is validated.
- Optional allowlists enforce approved destinations for outbound delivery.
Signed delivery & versioning
- Webhooks include HMAC signatures and timestamps for verification.
- Schema versions are announced in headers to support safe upgrades.
- Outbox retry queues prevent data loss and support replay.
Additional safeguards
- API and SCIM tokens are stored as hashes and shown only once.
- Secrets can be rotated without downtime.
- Attachment downloads use an allowlisted domain policy.
Data handling & auditability
Transparent controls for data access and traceability.
- CRM exports and API access are read-only and scoped to your organization.
- Tokens expose creation and last-used timestamps for operational auditing.
- Delivery status and retries are tracked in the outbox for traceability.
Enterprise security review
We support security reviews, allowlist planning, and pilot rollouts for enterprise connectors. Share your requirements and we will map a secure deployment plan.