TenantSecurityPolicy
Security policy and compliance configuration for a tenant workspace, defining the security controls, access restrictions, verification requirements, and audit settings that apply to every user of that tenant. It lets each organization on a multi-tenant platform enforce its own security posture according to its compliance requirements, risk tolerance, and regulatory obligations: country-based access restrictions (an allow-list plus an explicit block-list), audit log retention, email and phone verification for new accounts, security alerting for suspicious activity, and whether the tenant may use the API at all. It works together with TenantIPWhitelistEntry for network-level access control and TenantPasswordPolicy for credential security, forming the security governance layer that lets tenants meet industry regulations (HIPAA, PCI-DSS, SOC 2, GDPR, ISO 27001) and supports zero-trust architectures in enterprise applications and B2B SaaS platforms.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| tenant | Tenant | stored | Reference to the Tenant this security policy applies to | Required |
| allowedCountries | Country[] | stored | Countries from which access is allowed (an empty or omitted array means no allow-list restriction is applied) | Optional |
| blockedCountries | Country[] | stored | Countries from which access is explicitly blocked | Optional |
| requireEmailVerification | boolean | stored | Whether email verification is required for new user accounts | Required |
| requirePhoneVerification | boolean | stored | Whether phone verification is required for new user accounts | Optional |
| auditLogRetentionDays | number | stored | Number of days to retain audit logs (for compliance and security investigations) | Required |
| enableSecurityAlerts | boolean | stored | Whether to send security alerts for suspicious activities | Required |
| allowApiAccess | boolean | stored | Whether API access is allowed for this tenant | Required |
| metadata | json | stored | Additional security policy metadata and custom rules | Optional |
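As an added example (not code from this page or from the product it documents), here is how a request gateway might validate and enforce such a policy in Python. The policy dict mirrors Example 1 below; `validate_policy`, `evaluate_access` and `required_verifications` are hypothetical helper names. Two behaviours are assumptions rather than documented semantics: an explicit block-list entry overrides an allow-list entry, and a request whose country cannot be resolved is refused whenever an allow-list is configured (fail closed).

```python
"""Validate and enforce a TenantSecurityPolicy at request time.

Added example, not the project's own code. Assumptions (not documented on the
page): block-list wins over allow-list, and an unresolvable geolocation is
denied whenever an allow-list is configured.
"""
from dataclasses import dataclass
import re

# Constructed policy, shaped like Example 1 on this page.
ACME_POLICY = {
    "@type": "TenantSecurityPolicy",
    "tenant": {"@type": "Tenant", "slug": "acme-corp", "name": "ACME Corporation"},
    "allowedCountries": [
        {"@type": "Country", "code": "US", "name": "United States"},
        {"@type": "Country", "code": "CA", "name": "Canada"},
        {"@type": "Country", "code": "FR", "name": "France"},
    ],
    "requireEmailVerification": True,
    "requirePhoneVerification": False,
    "auditLogRetentionDays": 365,
    "enableSecurityAlerts": True,
    "allowApiAccess": True,
}

REQUIRED_BOOLS = ("requireEmailVerification", "enableSecurityAlerts", "allowApiAccess")
COUNTRY_CODE = re.compile(r"^[A-Z]{2}$")  # ISO 3166-1 alpha-2, upper case


def _codes(policy, key):
    """Set of country codes under policy[key]; a missing or null key is empty."""
    return {c["code"] for c in policy.get(key) or []}


def validate_policy(policy):
    """Return a list of configuration problems; an empty list means usable."""
    problems = []
    if policy.get("@type") != "TenantSecurityPolicy":
        problems.append("@type must be TenantSecurityPolicy")
    tenant = policy.get("tenant")
    if not isinstance(tenant, dict) or not tenant.get("slug"):
        problems.append("tenant reference with a slug is required")
    for key in REQUIRED_BOOLS:
        if not isinstance(policy.get(key), bool):
            problems.append(f"{key} must be a boolean")
    days = policy.get("auditLogRetentionDays")
    # bool is a subclass of int, so reject it explicitly.
    if not isinstance(days, int) or isinstance(days, bool) or days <= 0:
        problems.append("auditLogRetentionDays must be a positive integer")
    for key in ("allowedCountries", "blockedCountries"):
        for c in policy.get(key) or []:
            if not COUNTRY_CODE.match(str(c.get("code", ""))):
                problems.append(f"{key}: bad country code {c.get('code')!r}")
    overlap = _codes(policy, "allowedCountries") & _codes(policy, "blockedCountries")
    if overlap:  # ambiguous configuration; surface it rather than guess
        problems.append(f"countries both allowed and blocked: {sorted(overlap)}")
    return problems


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate_access(policy, country_code, via_api=False):
    """Decide whether a request from country_code (None = unknown) may proceed."""
    if via_api and not policy["allowApiAccess"]:
        return Decision(False, "API access disabled for tenant")
    allowed = _codes(policy, "allowedCountries")
    blocked = _codes(policy, "blockedCountries")
    if country_code is None:
        # Assumption: fail closed when geolocation failed and an allow-list exists.
        if allowed:
            return Decision(False, "country unknown and allow-list configured")
        return Decision(True, "country unknown, no allow-list")
    code = country_code.upper()
    if code in blocked:  # assumption: explicit block wins over allow-list
        return Decision(False, f"country {code} explicitly blocked")
    if allowed and code not in allowed:
        return Decision(False, f"country {code} not in allow-list")
    return Decision(True, "permitted")


def required_verifications(policy):
    """Verification steps a new account must complete before activation."""
    steps = []
    if policy["requireEmailVerification"]:
        steps.append("email")
    if policy.get("requirePhoneVerification"):
        steps.append("phone")
    return steps


if __name__ == "__main__":
    print("problems:", validate_policy(ACME_POLICY))
    print(evaluate_access(ACME_POLICY, "fr"))
    print(evaluate_access(ACME_POLICY, "DE"))
    print("verifications:", required_verifications(ACME_POLICY))
```

Treating an overlap between allowedCountries and blockedCountries as a validation error at save time, while still letting the block-list win at evaluation time, means a misconfigured policy is caught early and, if one slips through, the more restrictive reading applies.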
Examples
Example 1
{
"@type": "TenantSecurityPolicy",
"tenant": {
"@type": "Tenant",
"slug": "acme-corp",
"name": "ACME Corporation"
},
"allowedCountries": [
{
"@type": "Country",
"code": "US",
"name": "United States"
},
{
"@type": "Country",
"code": "CA",
"name": "Canada"
},
{
"@type": "Country",
"code": "FR",
"name": "France"
}
],
"requireEmailVerification": true,
"requirePhoneVerification": false,
"auditLogRetentionDays": 365,
"enableSecurityAlerts": true,
"allowApiAccess": true
}
Example 2
{
"@type": "TenantSecurityPolicy",
"tenant": {
"@type": "Tenant",
"slug": "techstart",
"name": "TechStart Inc"
},
"requireEmailVerification": true,
"requirePhoneVerification": false,
"auditLogRetentionDays": 90,
"enableSecurityAlerts": true,
"allowApiAccess": false
}