Sentinel is now in early access.
SentinelFeaturesAdmin & Security

ADM

Admin & Security

Enterprise security without enterprise complexity.

Custom RBAC, field-level security, SAML SSO, IP allowlisting, audit log, security scorecard.

See This in Action →← All Modules

3

pages

16+

capabilities

Live

status

How it connects

  • Roles & permissions control access to every module's read/write actions
  • Audit log captures every mutation across all 12 modules
  • SSO bridges into the existing credential auth flow seamlessly
  • IP allowlist middleware runs on every request before any module code executes

Every page, every feature.

3 pages in this module.16+ capabilities total.

01

Roles & Permissions

/admin/roles

Features

  • 3-tab layout: Roles | Field Security | Role Assignment
  • 7 system roles (built-in) + unlimited custom roles
  • Custom role drawer (640px): 12-resource × 4-action permission matrix with per-row 'All' checkbox
  • Field Security tab: per-field canRead / canEdit rules per role
  • Role Assignment tab: inline role select per team member
  • All changes logged in audit trail

How it connects

Permissions cascade across all modules. A user with CRM:read cannot write deals or contacts. Field-level security prevents sensitive data (e.g. deal value) from appearing for certain roles.

02

Audit Log

/admin/audit

Features

  • 500 rows loaded server-side, client-side full-text search + action filter
  • 8 action types with color-coded badges
  • 25-row pagination with numbered pages
  • Click-to-expand row: full resource ID, email, ISO timestamp
  • Action breakdown + top-5 users panels
  • Captures every mutation across all 12 modules

How it connects

The audit log receives entries from every server action in every module via the auditLog() helper in @zreo/db. It is the compliance backbone of the entire platform.

03

Security Centre

/admin/security

Features

  • Security score bar + 3-check cards — all interactive
  • SAML SSO: configure provider, entityId, ssoUrl, X.509 cert — SP-initiated flow
  • IP Allowlist: add CIDR rules, toggle active per rule, middleware enforces on every request
  • IP restriction middleware: 60 s edge cache, IPv4 CIDR bitmask matching, styled 403 response
  • API Key Hygiene panel (links to Integrations)
  • Recent security events panel

How it connects

SSO flow bridges into the existing NextAuth credential login. The IP allowlist middleware runs before any module's page or API route, protecting the entire platform.

How Admin & Security connects to the rest of Sentinel

Because every capability shares the same data, Admin & Security works better when the rest of your team is in Sentinel too.

Platform & Customisation

Field-level security applies to custom fields too.

AI Engine

AI respects every permission boundary — it never shows what the user can't see.

Integration Framework

API keys scoped to exact permissions.

Explore other modules

CRM EngineService CloudMarketing CloudCommerce & QuotingAnalytics & ReportingAI EngineCommunication HubAutomation EngineIntegration FrameworkDocument ManagementPlatform & Customisation

See Admin & Security in action.

20-minute walkthrough customised to your team. Or start a 14-day free trial right now.

Book a Demo →Start Free Trial

Previous

Platform & Customisation