Security
Multi-tenant. Never shared.
SentinelHub handles your clients' most sensitive security signals. It's built so trust is the default — not an afterthought you bolt on later.
01
Per-organization isolation
- +Every database query is scoped to your organization
- +One MSP can never read another's tenants or alerts
- +Tenant data is partitioned end to end
02
Least-privilege access
- +Read-only Microsoft Graph admin consent
- +Only the security scopes the product needs
- +No standing per-tenant credentials stored
03
Authentication & roles
- +Sign in with Microsoft Entra ID
- +Admin, analyst and viewer roles
- +Session-based, role-aware authorization
04
Auditability
- +Audit log of onboarding and disconnect events
- +Full triage history per alert and incident
- +Who changed what, and when
05
Data handling
- +Encrypted onboarding state parameters
- +EU-hosted infrastructure
- +Webhook payloads validated with a secret
06
You stay in control
- +Disconnect a tenant at any time
- +Subscriptions revoked on disconnect
- +Retain or remove data on your terms
Want the details on data flows, permissions and hosting?
Talk to our team