Security
Platform-wide security policy for the RiverSync tenant — authentication, sessions and the controls governing privileged actions.
Authentication
Require two-factor for RiverSync users
Every riversync-tenant account must complete 2FA at sign-in. Recommended for a platform-owner tenant.
Single sign-on (Microsoft Entra ID)
RiverSync users sign in through the corporate Entra directory.
Connected
Allow password sign-in
Permit email & password alongside SSO. Disable to force SSO-only.
Sessions
Session timeout
Idle sign-out for console sessions.
View-as session cap (ADM-5)
Maximum duration of an audited impersonation session before it auto-ends.
Privileged actions
Require a second admin to suspend a tenant
Four-eyes approval for tenant suspension. (Open question — SPEC-APP-ADM §3)
Require approval for plan overrides
A second accounting or admin approval for off-list pricing.
Notify customer on view-as entry
Beyond the audit entry — email the customer owner when a session starts. (Open question)
Posture
2FA enrolment
100%
All 25 users enrolled
Last policy change
2026-06-20 · Rachan Suksiri
Active view-as sessions
1
Sanyodenki — started 09:41