WealthVantage
TRACK • PLAN • DECIDE

Security

Designed with tenant boundaries, role-based access, and auditability in mind.
Authentication
Sign in with Microsoft (Entra ID / Azure AD).
The web app uses short-lived access tokens to call the API, and your access is enforced server-side.
Tenant boundaries
Subscribers only see data they are permitted to access. Membership is enforced by the API, not the UI.
Admin features are protected by role-based authorization and are not available to standard users.
Roles
Subscriber
Access only to their own subscriber data.
Admin
Can access admin screens and manage subscriber setup.
SuperAdmin (planned)
Includes Admin rights plus privileged actions like impersonation (with audit).
Impersonation (planned)
Impersonation should not be a standard admin feature. It’s a separate high-trust capability intended for customer support / incident response.
Principles
  • Requires SuperAdmin (or Support role)
  • Explicit audit log entry for each action
  • Clearly labeled “Impersonating …” UI state
  • Time-limited sessions
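
A minimal server-side sketch of these four principles, added here as an illustration and not WealthVantage's own code. The 15-minute limit, the in-memory audit list, and all function, class and field names are assumptions; roles are assumed to come from already-validated token claims.

```python
from dataclasses import dataclass

ALLOWED_ROLES = {"SuperAdmin", "Support"}  # roles named in the principles
MAX_SESSION_SECONDS = 15 * 60              # assumed limit; the page states none


class ImpersonationDenied(Exception):
    """Raised when an impersonation request or action is refused."""


@dataclass
class ImpersonationSession:
    actor: str          # the real signed-in identity, never replaced
    subscriber: str     # the subscriber being impersonated
    started_at: float
    audit_log: list     # append-only sink; a list stands in for real storage

    def banner(self) -> str:
        # Text for the clearly labeled UI state.
        return f"Impersonating {self.subscriber}"

    def _audit(self, now, action, outcome):
        self.audit_log.append({"ts": now, "actor": self.actor,
                               "subscriber": self.subscriber,
                               "action": action, "outcome": outcome})

    def perform(self, action: str, now: float) -> str:
        # Expiry is checked server-side on every action, and every
        # attempt is audited, including refused ones.
        if now - self.started_at > MAX_SESSION_SECONDS:
            self._audit(now, action, "denied:expired")
            raise ImpersonationDenied("impersonation session expired")
        self._audit(now, action, "allowed")
        return "allowed"


def start_impersonation(actor, roles, subscriber, now, audit_log):
    # roles: assumed to be taken from validated token claims, not the UI.
    session = ImpersonationSession(actor, subscriber, now, audit_log)
    if not ALLOWED_ROLES & set(roles):
        session._audit(now, "start", "denied:role")
        raise ImpersonationDenied("SuperAdmin or Support role required")
    session._audit(now, "start", "allowed")
    return session
```

Recording the real actor alongside the impersonated subscriber in every entry is what keeps the audit trail attributable to the support user and not to the subscriber.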
Transparency
WealthTracker is evolving. Security features are implemented iteratively and tested as the product grows. If you’d like a deeper technical breakdown, get in touch via contact.