Security & Compliance
Klority is built for organizations that take **security, identity, and data privacy** seriously. Your data is isolated, encrypted, and protected by modern security best practices.
Authentication & SSO
Secure your workspace with industry-standard authentication methods:
- Single Sign-On (SSO): Enable one-click login for your entire organization using Google Workspace, GitHub, or Microsoft Azure AD.
- Two-Factor Authentication (2FA / TOTP MFA): Users can enable TOTP-based MFA for an extra layer of protection on their password login, compatible with Google Authenticator, Authy, 1Password, and any standard TOTP app.
- Role-Based Access Control (RBAC): Granular permissions to ensure team members only see what they need to.
- Secure Session Management: We use HTTP-only, secure cookies and domain-scoped isolation to prevent session hijacking.
Multi-Factor Authentication (MFA)
Klority supports TOTP-based Multi-Factor Authentication for all accounts using email/password login. Once enabled, users must verify their identity with a 6-digit time-based code at every login, in addition to their password.
- Works with any TOTP app: Google Authenticator, Authy, 1Password, Bitwarden, and more.
- Opt-in per user: Members manage MFA from their personal Security settings. No admin action required.
- Backup codes: On setup, 8 single-use backup codes are generated so users can regain access if they lose their device.
- SSO users: Accounts authenticated via Google, GitHub, or Microsoft rely on those providers' own strong security (including their MFA). Klority's TOTP applies specifically to email/password logins.
How to enable MFA
Data Isolation & Infrastructure
Everything in Klority is built on a multi-tenant architecture designed for complete isolation.
- Database Isolation: Workspace data is logically separated at the database level. No tenant can ever access another tenant's data.
- Encryption at Rest: All data stored in our enterprise-grade relational database and encrypted cloud storage is encrypted at rest using industry-standard AES-256.
- Encryption in Transit: 100% of data transmitted to and from Klority is encrypted using TLS 1.3 (HTTPS-only).
Role-Based Access Control (RBAC) & Group Permissions
API Access
Automate your workflows securely with Klority's REST API. Generate Personal Access Tokens to safely interact with tasks, test cases, and Wiki pages from your CI/CD pipelines or internal tools.
Backups & Availability
We perform daily automated backups of all workspace data and maintain 99.9% uptime by leveraging Amazon Web Services (AWS) high-availability infrastructure across multiple availability zones.