Authentication & Access Control

Learn about Sazabi's authentication methods and role-based access control.

Sazabi provides multiple authentication methods and role-based access control to secure your organization's data.

Authentication methods

Email and password

The default authentication method uses email and password:

  • Passwords are hashed using bcrypt
  • Password strength requirements are enforced
  • Accounts are locked out after failed attempts

Single Sign-On (SSO)

We support SSO through Google:

Provider  Status
Google    Available

For passwordless authentication, Sazabi supports magic link login. Users receive a secure link via email that logs them in without entering a password.

Organization structure

Organizations

Organizations are the top-level container for access control:

  • All team members belong to an organization
  • Billing and integrations are managed at the organization level
  • Secret API keys are scoped to the organization

Projects

Projects provide data isolation within an organization:

  • Each project has its own logs, threads, and alerts
  • Public API keys are scoped to individual projects
  • Team members can access all projects in their organization

For details on organizations and projects, see Organizations & Projects.

Roles and permissions

Sazabi uses role-based access control (RBAC) to manage what team members can do.

Available roles

Role    Description
Admin   Full access including billing, team management, settings
Member  Access all features except team and organization settings

The organization creator is automatically assigned the Admin role.

Permission matrix

Action  Admin  Member
View logs and threads
Send messages to chat
Create and manage alerts
Create and manage projects
Configure integrations
Create API keys
Invite team members
Remove team members
Change member roles
Manage billing
Delete organization

Assigning roles

To change a team member's role:

  1. Go to Settings > Team
  2. Find the team member
  3. Click the role dropdown
  4. Select the new role

Only Admins can change roles.

API key security

API keys provide programmatic access to Sazabi. For security best practices, see API Authentication.

Key types

Key type    Scope         Capabilities
Public key  Project       Write-only (log ingestion)
Secret key  Organization  Full read/write API access

Key management

  • Store keys in environment variables, never in code
  • Rotate keys regularly (at least annually)
  • Use separate keys per environment
  • Revoke keys immediately if compromised

Session management

Session duration

  • Web sessions expire after 7 days of inactivity
  • Sessions are invalidated on password change
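
The two session rules above can be modelled as a single server-side check. This is an added example, not Sazabi's implementation: the Account and Session records, their field names, and the function names are hypothetical, and the only value taken from this page is the 7-day window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

IDLE_TIMEOUT = timedelta(days=7)  # inactivity window stated on this page


@dataclass
class Account:
    # Hypothetical record: when the password was last changed.
    password_changed_at: datetime


@dataclass
class Session:
    # Hypothetical record: creation time and last authenticated request.
    created_at: datetime
    last_seen_at: datetime


def check_session(session: Session, account: Account, now: datetime) -> str:
    """Return 'ok', 'expired' or 'revoked'; refresh last_seen_at on 'ok'."""
    # A password change invalidates every session created before it, even
    # one that was active seconds ago. Checked first so it is never masked.
    if session.created_at < account.password_changed_at:
        return "revoked"
    # Sliding window: measured from the last request, not from login.
    if now - session.last_seen_at >= IDLE_TIMEOUT:
        return "expired"
    session.last_seen_at = now
    return "ok"


def change_password(account: Account, now: datetime) -> None:
    # Moving this timestamp revokes all older sessions in one write,
    # without having to enumerate them.
    account.password_changed_at = now


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    acct, sess = Account(t0), Session(t0, t0)
    print(check_session(sess, acct, t0 + timedelta(days=6)))
    change_password(acct, t0 + timedelta(days=6, hours=1))
    print(check_session(sess, acct, t0 + timedelta(days=6, hours=2)))
```

Because the window slides, a session that is used at least once every 7 days never times out on its own; in this model only the password-change check ends it.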