Features

Every feature is on every paid tier. No gating by plan, no “Contact us for SSO”.

System Catalog

A single source of truth for every SaaS, vendor, and custom resource your company uses. Track ownership (business owner, IT admin, finance owner, security owner, UAR approver — plus backups), finance details (contract dates, renewals, cost), compliance posture (data classification, SOC 2 status, frameworks), and procurement notes. Quick-add curated catalog (M365, AWS, Slack, GitHub, Datadog, 1Password, Stripe, etc.) — pre-mapped to standard access levels.

Access Requests

Multi-step approval flows configurable per system, per access level. ANY-of within a stage (first holder of any listed role approves), ALL-of across stages. Notification-only stages cascade automatically. Per-entity templates and per-(entity, access-level) overrides — same product, stricter chain for the admin tier. Routing modes: immediate, manual, or auto-approve when no flow is defined.

User Access Reviews

Quarterly UAR with immutable snapshots — the access state at review-start is pinned, so later DB changes don't shift the evidence. Reviewer marks each access KEEP or REVOKE with optional justification. Counters denormalized on the review header. CSV export evidence pack for SOC 2 / SOX auditors.

SSO and Identity

Microsoft Entra OIDC and SAML 2.0 (Okta, JumpCloud, Google Workspace, Auth0, Generic). 5-minute setup wizards per provider with copy-paste blocks. Discover-and-import SSO groups — only the groups you explicitly Import mirror as Useboards groups that grant access. WebAuthn passkeys and TOTP 2FA. MFA enforcement per role.

Compliance Board

SOC 2 portfolio at a glance — red/yellow/green risk per system based on opinion type, exception count, and report age. Drag a SOC 2 PDF onto a system Compliance tab; opt-in AI extraction parses auditor, period, opinion, trust service criteria, and a structured exceptions list ($1/extraction). Toggle auto-apply to write extracted fields straight into the system's structured columns.

Audit Log

Append-only at the database layer — a Postgres trigger rejects UPDATE and DELETE on event_log. Every create, update, role change, group membership flip, access grant or revoke is timestamped with actor and tenant. Tamper-evident for SOC 2 CC4.1, ISO 27001 A.12.4, SOX evidence.
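A minimal sketch of the append-only pattern described above, as an added example that is not Useboards' own schema or code. Only the table name event_log comes from this page; the column list, function name and trigger names are assumptions, and the TRUNCATE guard and the trigger-state check go beyond the UPDATE/DELETE case the page states.

```sql
-- Added illustration: columns and object names are assumptions, not the product's schema.
CREATE TABLE event_log (
    id          bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id   uuid        NOT NULL,
    actor_id    uuid        NOT NULL,
    action      text        NOT NULL,
    occurred_at timestamptz NOT NULL DEFAULT now()
);

CREATE FUNCTION event_log_reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'event_log is append-only: % rejected', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- Row-level guard: any UPDATE or DELETE that touches a row aborts the statement.
CREATE TRIGGER event_log_no_update_delete
    BEFORE UPDATE OR DELETE ON event_log
    FOR EACH ROW EXECUTE FUNCTION event_log_reject_mutation();

-- TRUNCATE does not fire row-level triggers, so it needs its own
-- statement-level guard.
CREATE TRIGGER event_log_no_truncate
    BEFORE TRUNCATE ON event_log
    FOR EACH STATEMENT EXECUTE FUNCTION event_log_reject_mutation();

-- Constructed sample row; INSERT is still allowed.
INSERT INTO event_log (tenant_id, actor_id, action)
VALUES ('00000000-0000-0000-0000-000000000001', '00000000-0000-0000-0000-0000000000aa', 'role.change');

-- Self-check: the UPDATE must fail; if it succeeds, the second RAISE surfaces that.
DO $$
BEGIN
    UPDATE event_log SET action = 'tampered';
    RAISE EXCEPTION 'event_log accepted an UPDATE: guard is missing or disabled';
EXCEPTION WHEN insufficient_privilege THEN
    RAISE NOTICE 'UPDATE rejected as expected';
END $$;

-- Evidence query for reviewers: both guards should be listed with
-- tgenabled = 'O' (enabled); 'D' means the trigger has been disabled.
SELECT tgname, tgenabled
FROM pg_trigger
WHERE tgrelid = 'event_log'::regclass AND NOT tgisinternal;
```

The table owner and superusers can still run ALTER TABLE ... DISABLE TRIGGER, so the application's database role should not own the table, and the trigger-state query is worth keeping in periodic evidence collection.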

Groups + Membership

Group access is the unit of authorization. Adding a member materializes every group grant; removing a member unmaterializes those grants through clean REVOKE requests. Privileged groups gate at join (owner approval); baseline groups activate immediately. No "in the group but no access" divergence.

HR Onboarding + Offboarding

New-hire flow: identity creation through your own identity system (M365 / Google / Okta — your choice) → buddy review → release fanout. Offboarding gates: replacement tickets to system owners, 5pm cut-off in the leaver's timezone, gated completion (last day past + every item DONE). Optional "revoke all now" for for-cause cases.

Unified Notifications

Every email — magic-link, approval requests, status updates, security alerts — flows through one dispatcher. Audit row per attempt in notification_log. SES bounce / complaint suppression list. Per-user preferences for optional categories (reminders, status updates, renewals). Security / action-required / compliance categories are mandatory — never silenced.

Reports

Top-level Reports surface: access reviews due, dormant accounts, stalled approvals, SOC 2 expiry, group privilege drift. As-of date controls (current state, point-in-time, look-ahead). CSV export. Authz per report group — Finance sees finance, Compliance sees compliance, Auditor sees all.

Tenant-wide Configuration

Workspace export (full data ZIP — JSON + CSV per entity + audit log JSONL). GDPR-compliant tenant deletion lifecycle: ADMIN request → email confirmation → 30-day grace → cron purge with 7-year audit archive. Bulk import (catalog-only — operational history not importable by audit-integrity decision).

Multi-tenancy + Isolation

Tenant data is fenced at three layers: app-layer auto-scoping Prisma extension (forgetting tenant_id throws, can't leak), Postgres NOT NULL on every tenant-owned table, and 33 parent/child consistency triggers (a child row with mismatched tenant_id is rejected at the DB). Cross-tenant breach surface eliminated below the application code.

See every feature on a pre-seeded sandbox — no credit card, 14 days free.