Identity & Access Management
Authentication, authorization, and access control
Identity & Access Management
Tiquo protects every login, session, and device through comprehensive identity and access management controls.
Authentication & Identity Security
Tiquo operates two fully isolated identity frameworks to ensure appropriate security for different user types.
Staff Authentication
Enterprise-grade authentication for your team:
| Feature | Description |
|---|---|
| SSO Support | OAuth, SAML, and OIDC integration |
| Multi-Factor Authentication | Required for sensitive operations |
| Device Tracking | Monitor and manage logged-in devices |
| Session Revocation | Instantly revoke suspicious sessions |
| Role-Based Access | Custom roles and granular permissions |
| Audit Logs | Complete record of all staff actions |
| Security Protections | CSRF, XSS, and bot protection |
| Password Standards | NIST 800-63B compliant |
Customer Authentication
Secure, frictionless authentication for your customers:
| Feature | Description |
|---|---|
| Passwordless OTP | One-time password login via email |
| OIDC/OAuth IDP | Standards-based identity provider |
| Security Protections | CSRF and XSS safeguards |
| Session Management | Secure token-based sessions |
Tiquo ensures access is secure, auditable, and compliant for both teams and customers.
Identity Protection & Account Hardening
Credential Stuffing Protection
| Protection | Description |
|---|---|
| New device verification | Signing in from a new device always requires two-factor verification |
| Automatic OTP | If MFA isn't set up yet, Tiquo automatically sends an OTP to verify identity |
| Brute-force protection | Smart lockouts and enforced cooldown periods |
Sensitive Action Reverification
Tiquo enforces reverification for all sensitive actions:
Users must re-authenticate before making changes such as:
- Adding a new email address
- Modifying critical security settings
- Changing payment information
- Deleting account data
Security Notifications
Tiquo automatically notifies users whenever a sign-in is detected from an unfamiliar device, location, or network.
Alert Details
Notifications include device type and OS, IP address and geographic region, authentication method, and login timestamp.
Session Management
Staff can view all logged-in devices, login history and locations, and immediately revoke suspicious sessions or force logout from all devices.
These proactive notifications strengthen account security by helping users quickly validate legitimate access or take action against potential unauthorised activity.
Activity Logs
Tiquo provides detailed activity logs for both staff and customers, giving full visibility into every action taken across the platform.
Staff Activity Logs
Configuration Changes
Record all configuration and setting changes
Rollback Support
Enable rollbacks to previous states
User Attribution
Track which user made each change
Audit Trail
Support auditing and accountability
Customer Activity Logs
Capture key account interactions, provide insight into actions and history for support and compliance, and track authentication events and profile changes.
Tiquo's activity logging framework ensures transparency, accountability, and control across all operations.
Accessibility and Inclusive Design
Tiquo ensures accessibility is built into every interaction, enabling all users to navigate, understand, and operate the platform with ease.
Accessibility Standards
| Standard | Description |
|---|---|
| WCAG 2.2 | Perceivable content, operable controls, clear interfaces |
| EN 301 549 | European accessibility requirements |
| WAI-ARIA | Interactive elements compatible with assistive technologies |
This inclusive foundation ensures our security, authentication, and operational features remain accessible to every user across devices and contexts.
Ethical Automation & AI Governance
AI-assisted features in Tiquo are developed and deployed with transparency, fairness, and oversight at the core.
NIST AI Risk Management Framework
| Practice | Description |
|---|---|
| Risk Evaluation | Assess potential impacts of AI decisions |
| Bias Mitigation | Ensure fair outcomes across automated processes |
| Documentation | Model inventories and decision records |
| Behaviour Monitoring | Real-world validation of accuracy and integrity |
Human-in-the-Loop
Human-in-the-loop governance is applied to critical decisions, ensuring automation enhances security and operational efficiency without compromising user trust or accountability.
Prompt Injection Protections
Tiquo protects AI-assisted workflows against prompt injection and instruction hijacking.
| Control | Description |
|---|---|
| Context Scoping | Customer data is clearly wrapped and context-scoped |
| Instruction Separation | System instructions are separated from user-supplied content |
| Field Approval | Only explicitly approved fields are exposed to AI models |
Deterministic, Grounded Output
Model parameters are controlled to ensure consistent and predictable behaviour, including the use of low temperature settings (0.3) to minimise variability and keep outputs grounded in provided context.
All AI interactions are logged and traceable, supporting oversight, auditability, and ongoing governance. Through structured evaluation and lifecycle monitoring, we ensure that automation remains predictable, well-governed, and aligned with our broader security posture.