Keeping your data secure is critical to how Metronome operates. This begins with Metronome's security operating principles: least privilege, zero-trust architecture, and denying long-lived credentials. To protect access to and transmission of your data, Metronome supports SSO, RBAC, and audit logs.
Metronome is SOC 1 Type 2 and SOC 2 Type 2 compliant. SOC 1 compliance ensures the accuracy and security of Metronome's financial controls. SOC 2 compliance ensures the secure storage and transmission of data. Type 2 compliance tests the design and effectiveness of the systems over a longer period of time.
Metronome supports single sign-on (SSO) so that customers can manage access centrally. With SSO, users sign in to Metronome through an existing identity or service provider used for authentication. This removes the need to create a Metronome-specific username and password.
To learn more, see SSO.
Role-based access control (RBAC) policies define how users interact with Metronome, allowing you to minimize security vulnerabilities. Defining your own RBAC policies lets you restrict the data a user can access and the actions they can take.
Metronome offers three defined roles for common scenarios: administrator, writer, and reader. You can also define custom roles.
To learn more, see Role-based access control.
It's important to have transparency into the actions taken with your Metronome account. Audit logs allow you to monitor activity, determine who made which changes and when, and identify unauthorized actions.
The Metronome audit logs track detailed records for actions taken in the Metronome app or API. The metadata for the log records includes who took the action, when the action occurred, what resource was acted upon, and whether it was successful.
To learn more, see Audit logs.