Deployment and Administration

Application-Layer Security

The KanBo application layer has robust protection mechanisms built into its code, communication model, and authentication flow.

Authentication & Identity

  • Azure AD Integration: KanBo relies on tenant-level authentication; no password storage.
  • Certificate Authentication: X.509 certificates secure service-to-service and API calls.
  • OAuth for Integrations: Used for Teams, Power Automate, and Outlook; all token-based.
  • Conditional Access & MFA: Fully enforced via Azure AD policies.

Authorization

  • Fine-grained role-based access control (RBAC) at the Space, Card, and Workspace levels.
  • Synchronization with Microsoft 365 / Azure AD groups.
  • Scoped permissions for service roles (external-services, service).

Data Protection

  • At rest: Data stored in tenant-owned SQL or SharePoint with AES-256 encryption.
  • In transit: Always protected via HTTPS (TLS 1.2+).
  • Residency: Data resides only in your chosen Azure region or on-premises.

KanBo’s data never leaves your infrastructure — even logs stay inside your tenant.