
Griffin31 Architecture & Security

Griffin31 Architecture & Security Overview


The Griffin31 platform is built on Microsoft Azure and is SOC 2 Type II certified. This certification confirms that our internal controls and security practices meet the highest industry standards for protecting customer data.

  • WAF Protection: We use an Azure Web Application Firewall (WAF) as the primary entry point to inspect and filter all incoming traffic.
  • OAuth 2.0 Flow: Authentication is routed through your Microsoft Entra ID. This ensures your specific Conditional Access Policies (CAP) are strictly enforced, allowing you to require Passkeys, Geo-fencing, or frequent re-authentication specifically for Griffin31 access.

Onboarding establishes a Service Principal (Enterprise Application) in your tenant.

  • Zero Maintenance: There is no requirement for customers to manually create app registrations or handle client secrets.
  • Backend Security: Griffin31 leverages Azure Managed Identities and Azure Key Vault for the automatic rotation and secure handling of all system credentials.

The platform is designed around the Principle of Least Privilege:

  • Read-Only: All API permissions are strictly Read-Only.
  • Scope Limitation: The system is restricted from accessing user emails or files.
  • RBAC: We support native Role-Based Access Control to ensure your team members operate under a strict least-privilege environment.

Griffin31 provides native Role-Based Access Control (RBAC). This allows your administrators to grant platform access to team members based on their specific roles, maintaining a strict least-privilege environment.

The following permissions are required to provide security insights and support SSO. Note that only three permissions are Delegated to facilitate Single Sign-On; all others are Application type for environment scanning.

For the full and updated list of permissions with detailed descriptions, see API Permissions Descriptions.
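
To check the read-only, no-mail-or-files, and three-delegated-permissions statements above against what is actually granted in your tenant, the following added example (not Griffin31's code) audits a permission list. It assumes the grants were already exported from Entra ID and resolved to permission names; `audit_grants` is a hypothetical helper, and the sample permission names are constructed for illustration, not Griffin31's actual list.

```python
# Added example: audit a service principal's granted permissions against the
# least-privilege claims on this page. All sample data below is constructed.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}  # sign-in scopes
READ_OPERATIONS = {"Read", "ReadBasic"}  # allow-list of read-only operation segments
BLOCKED_RESOURCES = {"Mail", "Files"}    # "restricted from accessing user emails or files"
MAX_DELEGATED = 3                        # "only three permissions are Delegated"


def audit_grants(grants):
    """Return (permission, reason) findings; an empty list means no drift."""
    findings = []
    delegated = [g for g in grants if g["type"] == "Delegated"]
    if len(delegated) > MAX_DELEGATED:
        findings.append(("*", f"{len(delegated)} delegated permissions, expected at most {MAX_DELEGATED}"))
    for g in grants:
        name = g["value"]
        if name in OIDC_SCOPES:
            continue
        # Graph permission names follow Resource.Operation[.Constraint]
        parts = name.split(".")
        resource = parts[0]
        operation = parts[1] if len(parts) > 1 else ""
        if operation not in READ_OPERATIONS:
            findings.append((name, "not read-only"))
        if resource in BLOCKED_RESOURCES:
            findings.append((name, "grants access to mail or files"))
    return findings


# Constructed sample: a grant set that matches the page's description.
EXPECTED_GRANTS = [
    {"type": "Application", "value": "Directory.Read.All"},
    {"type": "Application", "value": "Policy.Read.All"},
    {"type": "Application", "value": "AuditLog.Read.All"},
    {"type": "Delegated", "value": "openid"},
    {"type": "Delegated", "value": "profile"},
    {"type": "Delegated", "value": "User.Read"},
]

# Constructed sample: the same grant set after drift that should be flagged.
DRIFTED_GRANTS = EXPECTED_GRANTS + [
    {"type": "Application", "value": "Directory.ReadWrite.All"},
    {"type": "Application", "value": "Mail.Read"},
    {"type": "Delegated", "value": "Files.Read.All"},
]

if __name__ == "__main__":
    for permission, reason in audit_grants(DRIFTED_GRANTS):
        print(f"{permission}: {reason}")
```

Running the audit on a schedule, or after any consent change on the Enterprise Application, turns the page's least-privilege statement into a condition you can alert on.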