Security is not a feature. It is the operating model.
Nuxari is designed to operate in regulated, sensitive, and security-conscious environments. Tenant isolation, credential security, and audit immutability are not optional; they are enforced at the architecture level.
Tenant Isolation
Every piece of data in Nuxari belongs to exactly one organization. Every database query, API response, and evidence export is scoped to the requesting organization's ID. Data from one tenant is never accessible to another tenant, regardless of user role.
Tenant isolation is enforced at the service layer, not just the API layer. Every service function that reads or writes data requires an explicit orgId. There is no admin bypass.
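One way to enforce tenant scope inside the service layer, so that an owner in one organization still cannot read another organization's record. This is an added example, not Nuxari's code; `evidenceService`, the record shape and the session object are assumptions.

```javascript
// Added illustration: all names and data here are hypothetical.
class TenantScopeError extends Error {}

// Constructed sample data: two tenants' evidence records in one store.
const records = [
  { id: "ev-1", orgId: "org-a", summary: "Access review Q1" },
  { id: "ev-2", orgId: "org-b", summary: "Offboarding evidence" },
];

// Every service function takes orgId as its first, mandatory argument.
function requireOrgId(orgId) {
  if (typeof orgId !== "string" || orgId.length === 0) {
    throw new TenantScopeError("orgId is required for every data access");
  }
  return orgId;
}

const evidenceService = {
  // The tenant filter is part of the lookup itself, so a caller cannot
  // fetch by id alone and compare the owner afterwards (or forget to).
  getById(orgId, id) {
    const scope = requireOrgId(orgId);
    const hit = records.find((r) => r.orgId === scope && r.id === id);
    return hit ? { ...hit } : null; // a cross-tenant id looks like "not found"
  },
  list(orgId) {
    const scope = requireOrgId(orgId);
    return records.filter((r) => r.orgId === scope).map((r) => ({ ...r }));
  },
};

// Route handler: orgId comes from the authenticated session, never from the
// request body or query string, and the role is not consulted for scoping.
function handleGetEvidence(session, params) {
  const rec = evidenceService.getById(session.orgId, params.id);
  return rec ? { status: 200, body: rec } : { status: 404, body: null };
}
```

Returning 404 rather than 403 for another tenant's record id avoids confirming that the id exists.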
Role-Based Access Control
Nuxari enforces RBAC on every protected API route. Roles are defined per organization and enforced consistently:
| Role | Capabilities |
|---|---|
| owner | Full access to org settings, users, integrations |
| admin | Manage workflows, connectors, and policies |
| approver | Approve and reject assigned remediation plans |
| requester | Submit access requests |
| auditor | View and export audit logs and evidence packages |
| readonly | Read-only access to permitted data |
Credential Security
External system credentials (API keys, client secrets, OAuth tokens) are encrypted at rest using AES-256 with per-tenant encryption keys. They are never returned in API responses, never logged in plaintext, and never visible to any user through the platform UI.
When credentials must be rotated, the connector is temporarily paused, new credentials are validated, and old credentials are purged on successful rotation. Every rotation is documented with a connector lifecycle event.
Edge Agent Security
Edge Agents operate with outbound-only connectivity. They require no inbound ports, no VPN tunnels, and no firewall rules permitting inbound traffic from Nuxari. Agents authenticate using short-lived tokens that are hashed at rest.
Evidence is hashed on the agent before transmission, providing cryptographic proof that the evidence was not tampered with in transit. On agent decommission, tokens are immediately revoked.
Audit Trail Immutability
Audit events and evidence records are immutable after creation. They cannot be deleted by org admins within the configured retention window. Audit events cannot be back-dated, modified, or suppressed. Every security-relevant action (login, role change, credential access, evidence export) generates an audit event before responding to the caller.
What Is Never Exposed
The following data is never included in API responses, log files, or evidence records:
- Passwords in any form
- OAuth tokens or refresh tokens
- API keys or client secrets
- Private keys of any kind
- Full raw third-party API responses
- Sensitive PII beyond what is necessary to document the governance event