GoSentrix supports multiple authentication models to meet different security requirements.
JWT-Based Authentication
Primary authentication method using JSON Web Tokens:
- Access Tokens: Short-lived (15 minutes) for API requests
- Refresh Tokens: Long-lived (7 days) for token renewal
- Issuer Validation: Tokens must be issued by GoSentrix
- Audience Validation: Tokens must target specific API planes
Multi-Factor Authentication (MFA)
Optional but recommended for enhanced security:
- TOTP: Time-based one-time passwords via authenticator apps
- Backup Codes: One-time use codes for recovery
- Enforcement: Can be required for all users or admins only
Single Sign-On (SSO)
Enterprise integration with identity providers:
- SAML 2.0: Industry standard for enterprise SSO
- OIDC: Modern protocol for web and mobile apps
- Provider Support: Google Workspace, Azure AD, custom providers
Step-Up Authentication
Additional authentication for sensitive operations:
- Trigger: Sensitive operations (SSO disable, domain deletion, etc.)
- Method: MFA verification required
- Duration: 15 minutes of elevated access
- Purpose: Prevent unauthorized access to critical functions
Session Management
- Automatic Expiration: Sessions expire after inactivity
- Concurrent Sessions: Multiple devices supported
- Session Revocation: All sessions can be revoked
- Audit Trail: All sessions are logged