Overview
Identity and Access Management (IAM) is core to Codexium’s security posture. We implement role-based access control (RBAC) and least-privilege principles across infrastructure, applications, and tooling.
Identity Providers & Authentication
- Central identity providers for workforce and admin access.
- Multi-factor authentication (MFA) for privileged roles and production access.
- Service-to-service authentication using strong credentials and short-lived tokens where available.
Role-Based Access Control
- Roles defined by job function (engineer, SRE, security, etc.).
- Periodic access reviews and recertification processes.
- Break-glass procedures for emergency access with detailed logging and post-incident review.
Least Privilege & Segregation of Duties
- Access grants limited to the minimum resources required.
- High-risk operations restricted to specific privileged roles.
- Separation of build, deploy, and approval responsibilities.
Client Access & Collaboration
- Support for single sign-on (SSO) based client access where tooling allows.
- Jointly defined roles and permissions for shared environments and dashboards.
- Prompt revocation processes for departing users.
Shared Responsibilities
Client
- Manage identities and access for internal users.
- Define approval flows for high-risk changes.
Codexium
- Manage access for Codexium staff and service accounts.
- Enforce MFA and secure authentication standards.
Cloud Provider
- Provide robust IAM primitives, logs, and policy engines.