Security Dashboard
The security dashboard gives you a real-time view of your organization’s security posture. It calculates a security score, tracks compliance with industry frameworks, and shows recent security events.
Security Score
A score from 0 to 100 based on 8 security controls:
| Control | Points | What It Checks |
|---|---|---|
| MFA Enforced | 15 | Multi-factor authentication required for all members |
| Enterprise IdP | 15 | At least one enterprise SSO connection enabled |
| Verified Domain | 15 | At least one domain verified for Home Realm Discovery |
| Session Timeout | 10 | Session timeout configured (not using defaults) |
| All Members Active | 10 | All members logged in within last 30 days |
| Project Access Control | 15 | Project-level RBAC enabled |
| No Critical Vulnerabilities | 10 | No critical security findings in project scans |
| Encryption at Rest | 10 | All sensitive data encrypted (always passes — built into the platform) |
Score colors:
- Green (80-100) — Strong security posture
- Amber (50-79) — Some improvements needed
- Red (0-49) — Action required
Compliance Frameworks
Three compliance framework cards show how your security controls map to industry standards:
HIPAA
Healthcare data protection requirements. Controls checked: encryption, access control, audit logging, MFA.
HITRUST
Healthcare information trust alliance. Broader control coverage including risk management and incident response.
SOC 2
Service organization controls. Trust services criteria: security, availability, processing integrity.
Each framework shows the number of controls passing vs total, with an expandable list of individual controls and their status.
Recent Security Events
A timeline of the last 10 security-relevant events in your organization:
- Member invited / removed
- Role changed
- SSO connection created / modified
- Security policy updated
- Login events
Each event shows the action, who performed it, and when.
Member Access Summary
A breakdown of your team’s access patterns:
- Total members and breakdown by role (owner, admin, member, viewer)
- Login distribution — How recently members have logged in:
  - Last 7 days
  - 7-30 days ago
  - 30+ days ago
  - Never logged in
Inactive members (30+ days) may indicate stale accounts that should be reviewed.
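An added example, not the product's own code, that ties the Security Score table to the login distribution above: it buckets members by last login, derives the All Members Active control, and sums the points of passing controls into a score and color. The summing rule, the bucket boundaries at exactly 7 and 30 days, treating never-logged-in members as inactive, and all function names and sample data are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Points per control, copied from the Security Score table on this page.
CONTROL_POINTS = {
    "MFA Enforced": 15, "Enterprise IdP": 15, "Verified Domain": 15,
    "Session Timeout": 10, "All Members Active": 10, "Project Access Control": 15,
    "No Critical Vulnerabilities": 10, "Encryption at Rest": 10,
}

def login_distribution(last_logins, now):
    """Bucket members by last login time; None means never logged in."""
    buckets = {"Last 7 days": [], "7-30 days ago": [],
               "30+ days ago": [], "Never logged in": []}
    for member, last in last_logins.items():
        if last is None:
            buckets["Never logged in"].append(member)
        elif now - last <= timedelta(days=7):    # assumed boundary: day 7 is recent
            buckets["Last 7 days"].append(member)
        elif now - last <= timedelta(days=30):   # assumed boundary: day 30 is active
            buckets["7-30 days ago"].append(member)
        else:
            buckets["30+ days ago"].append(member)
    return buckets

def security_score(control_results, last_logins, now):
    """Return (score, color, stale_members) for one organization snapshot."""
    dist = login_distribution(last_logins, now)
    stale = sorted(dist["30+ days ago"] + dist["Never logged in"])
    results = dict(control_results)
    results["All Members Active"] = not stale   # assumption: never-logged-in is inactive
    results["Encryption at Rest"] = True        # the page says this always passes
    # Assumption: score = sum of points of passing controls; missing controls fail.
    score = sum(p for name, p in CONTROL_POINTS.items() if results.get(name, False))
    color = "Green" if score >= 80 else "Amber" if score >= 50 else "Red"
    return score, color, stale

# Constructed sample data (not from a real organization).
NOW = datetime(2024, 6, 30, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOGINS = {"alice": NOW - timedelta(days=2), "bob": NOW - timedelta(days=12),
                 "carol": NOW - timedelta(days=45), "dave": None}
SAMPLE_CONTROLS = {"MFA Enforced": False, "Enterprise IdP": True,
                   "Verified Domain": True, "Session Timeout": False,
                   "Project Access Control": True, "No Critical Vulnerabilities": True}

if __name__ == "__main__":
    print(security_score(SAMPLE_CONTROLS, SAMPLE_LOGINS, NOW))
```

With the sample data, the two stale accounts cost the 10 points for All Members Active on top of the 25 lost to MFA and session timeout, which puts the organization in the amber band.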
Encryption Status
Shows the encryption method for each category of sensitive data:
| Data | Method |
|---|---|
| Session tokens | AES-256-GCM |
| Environment variables | AES-256-GCM |
| Signing credentials | AES-256-GCM |
| GitHub tokens | AES-256-GCM |
| Data in transit | TLS 1.3 |
| Database at rest | Platform-managed |
Quick Actions
Four buttons at the bottom link to related settings:
- Enable MFA → Organization Settings (security section)
- Review Members → Members tab
- Configure SSO → Identity & SSO tab
- Run Compliance Scan → Triggers a fresh compliance check