Every layer of the LabsNinja SCIM Connector is designed with security as a first principle — from credential storage to tenant isolation.
SCIM bearer tokens are hashed with PBKDF2-SHA256 before storage. Plaintext credentials are never persisted to disk or logs.
Credentials can be rotated at any time via the operator dashboard. Old tokens are invalidated immediately on rotation.
Operator and customer sessions use signed session tokens with configurable expiry and revocation support.
The application validates all required environment variables at startup and refuses to start if any are missing.
SCIM credentials are tenant-scoped. A token issued for tenant A cannot access or modify tenant B data.
Internal operator routes and customer-facing routes are on separate auth stacks with different session types and privilege levels.
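The following sketch is an added example, not LabsNinja's code: it shows one way to store PBKDF2-SHA256 token hashes, invalidate old tokens on rotation, and bind each token to a tenant. The `TokenStore` class, the `token_id.secret` token layout, the in-memory table and the iteration count are assumptions made for illustration.

```python
import hashlib
import secrets
import hmac

ITERATIONS = 600_000  # assumed work factor; the page does not state one


class TokenStore:
    """In-memory stand-in for a credential table (hypothetical schema)."""

    def __init__(self):
        self._rows = {}  # token_id -> (tenant_id, salt, digest)

    @staticmethod
    def _derive(secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

    def issue(self, tenant_id: str) -> str:
        """Create a token; only the salt and digest are kept, never the secret."""
        token_id = secrets.token_hex(8)      # public lookup key
        secret = secrets.token_urlsafe(32)   # high-entropy secret part
        salt = secrets.token_bytes(16)       # unique per token
        self._rows[token_id] = (tenant_id, salt, self._derive(secret, salt))
        return f"{token_id}.{secret}"        # returned to the caller once

    def rotate(self, tenant_id: str) -> str:
        """Drop every existing token for the tenant, then issue a new one."""
        self._rows = {k: v for k, v in self._rows.items() if v[0] != tenant_id}
        return self.issue(tenant_id)

    def authorize(self, bearer: str, requested_tenant: str) -> bool:
        """True only if the token verifies AND is bound to the requested tenant."""
        token_id, _, secret = bearer.partition(".")
        row = self._rows.get(token_id)
        if row is None or not secret:
            return False
        tenant_id, salt, digest = row
        # Constant-time comparison of the derived digest against the stored one.
        if not hmac.compare_digest(self._derive(secret, salt), digest):
            return False
        # The tenant comes from the stored row, never from the request.
        return tenant_id == requested_tenant
```

Because the tenant is read from the stored row rather than from the request, a valid token for one tenant fails authorization for any other tenant's resources.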
The items below are intentionally listed as work in progress. We will only mark them as in place once they are implemented and validated.
We do not claim SOC 2, ISO 27001, or any other certification at this time. We do not claim full GDPR compliance or guaranteed uptime. Our published Privacy Policy and DPA are designed with GDPR principles in mind and are subject to legal review before general availability.
To report a suspected vulnerability or security incident, email security@labsninja.com. Please do not disclose details publicly until we have had a reasonable opportunity to investigate and respond.
Contact us for security documentation, our DPA, or to report a vulnerability.