CohesionXL

Security

Enterprise-Grade Security

CohesionXL is built for organizations that take security seriously. From SSO to audit trails, every layer is designed for enterprise compliance.

Authentication & SSO

CohesionXL integrates with Auth0 for enterprise single sign-on. RS256-signed JWTs ensure token integrity, with support for SAML 2.0 and OpenID Connect protocols. Multi-tenant organization isolation is enforced at the token level.

  • Auth0 SSO with SAML & OIDC
  • RS256 JWT token verification
  • Multi-tenant organization isolation
  • Session management and token rotation

Role-Based Access Control

Five built-in roles provide granular access control across the platform. Roles map directly from your identity provider, so permissions stay in sync with your org directory.

  • Viewer — Read-only access to plans and dashboards
  • Contributor — Create and edit initiatives and scenarios
  • Manager — Approve initiatives and manage team capacity
  • Admin — Configure org settings, integrations, and policies
  • Super Admin — Full platform access including audit and billing

Audit & Compliance

Every action in CohesionXL is logged in an immutable audit trail. Approval decisions, scenario changes, and configuration updates all carry timestamps, actor IDs, and before/after state.

  • Immutable audit log for all write operations
  • Approval chain decision history with rationale capture
  • Exportable audit reports for compliance reviews
  • Change tracking with before/after diffs

Feature Flags & Rollouts

New capabilities are gated behind feature flags, enabling controlled rollouts to specific organizations or user groups. This ensures stability while allowing early access to cutting-edge features.

  • Per-organization feature flag controls
  • Gradual rollout support for new capabilities
  • Kill switches for immediate feature disablement
  • A/B testing infrastructure for UX improvements

Entitlement & Seat Management

License entitlements are enforced at the platform level, tied to your subscription tier. Seat counts, feature access, and API rate limits are all governed by your plan.

  • Seat-based licensing with overage alerts
  • Tier-based feature gating (Core / Portfolio / Operating System)
  • API rate limiting per plan
  • Usage analytics and consumption dashboards

Data Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Infrastructure runs on SOC 2 Type II certified cloud providers with geographic redundancy.

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • SOC 2 Type II certified infrastructure
  • Regular penetration testing and vulnerability assessments

Have security questions?

Our team is ready to discuss your specific compliance and security requirements.

Contact UsView Docs