Security & Access Control

In most platforms, you manage access by restricting it after the fact. In Kordon, access is earned by responsibility: users see only the objects they own, manage, or are assigned to. Nothing leaks sideways.

How it works

From identity provider to a scoped, auditable program

Security in Kordon is not something you configure at the end. It is built into how the platform models responsibility from the first object you create.

01. Connect your identity provider

Use the identity provider your organisation already runs. Google Workspace, Entra ID, Okta, and Keycloak are supported out of the box; SSO is integrated directly into Kordon, with no separate authentication service to deploy.

02. Sync users and groups with SCIM

Use SCIM 2.0 to provision users and groups from your IdP automatically. When someone joins, they are provisioned. When someone leaves, their access is revoked at the next sync, with no manual deprovisioning needed.

03. Assign ownership and responsibility

When you assign someone as an owner, manager, or doer on any object, they immediately gain visibility into exactly that object and its direct connections. Assign a group, and every member gets the same scoped access.

04. Access scales with the program

As your GRC program grows (more assets, more controls, more people involved), visibility expands exactly as far as responsibility does. No access sprawl, no periodic permission reviews, no manual cleanup.

Built on the principle of least privilege

Access that follows responsibility, not org charts

Kordon's access model is different by design. Instead of granting broad visibility and relying on users not to look at what isn't theirs, Kordon starts from zero and builds up. When you assign someone to own a risk, manage a control, or complete a task, they get exactly the visibility that assignment requires, and nothing more.

Need-to-know visibility

Every user sees only the objects they're directly connected to, as owner, manager, doer, or group member. Sensitive security data stays in the hands of the people responsible for it, not visible to everyone who has a login.

Roles that map to real responsibility

Admin, owner, manager, and doer are not arbitrary access tiers; each has a distinct set of capabilities. Admins configure the platform. Owners carry accountability. Managers coordinate and review. Doers complete the work. The role defines what you can do, not just what you can see.

User groups

Group users together and assign the group as task doers or managers. Every group member gains the same scoped visibility into connected items. Ownership always stays personal: groups can manage and execute, but only individuals can own.
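To make the rules in the three sections above concrete, here is a small reference model of the visibility logic they describe: a user sees an object only when they are its owner, manager, or doer (directly or through a group), plus that object's direct connections, and groups may manage or execute but never own. This is an added illustration, not Kordon's code; the class names, object names, and the `sec-team` group are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Obj:
    name: str
    owner: Optional[str] = None                      # always an individual user id
    managers: set = field(default_factory=set)       # user ids or group ids
    doers: set = field(default_factory=set)          # user ids or group ids
    links: set = field(default_factory=set)          # names of directly connected objects


class Program:
    """Hypothetical model of responsibility-driven visibility (not Kordon's implementation)."""

    def __init__(self) -> None:
        self.objects: dict = {}   # object name -> Obj
        self.groups: dict = {}    # group id -> set of member user ids

    def assign(self, obj: str, role: str, subject: str) -> None:
        o = self.objects[obj]
        if role == "owner":
            if subject in self.groups:          # ownership stays personal
                raise ValueError("only individuals can own an object")
            o.owner = subject
        elif role == "manager":
            o.managers.add(subject)
        elif role == "doer":
            o.doers.add(subject)
        else:
            raise ValueError(f"unknown role: {role}")

    def _subjects_for(self, user: str) -> set:
        # The user plus every group they currently belong to (group membership is
        # what a SCIM sync adds or removes, so leaving a group revokes access).
        return {user} | {g for g, members in self.groups.items() if user in members}

    def responsible_for(self, user: str) -> set:
        subs = self._subjects_for(user)
        return {n for n, o in self.objects.items()
                if o.owner in subs or (o.managers | o.doers) & subs}

    def visible_to(self, user: str) -> set:
        # Directly assigned objects plus their direct connections, nothing further.
        direct = self.responsible_for(user)
        linked = set().union(*(self.objects[n].links for n in direct))
        return direct | linked


def sample_program() -> Program:
    """Constructed sample: two risks, a control, a task, and a 'sec-team' group."""
    p = Program()
    for name in ("risk-1", "risk-2", "control-1", "task-1"):
        p.objects[name] = Obj(name)
    p.objects["risk-1"].links.add("control-1")   # risk-1 is mitigated by control-1
    p.objects["control-1"].links.add("task-1")   # control-1 is implemented by task-1
    p.groups["sec-team"] = {"bob", "carol"}
    p.assign("risk-1", "owner", "alice")
    p.assign("task-1", "doer", "sec-team")
    p.assign("risk-2", "owner", "dave")
    return p
```

Note that alice sees `control-1` through her risk but not `task-1`, which is two hops away, and that dropping carol from `sec-team` leaves her with no visible objects at all.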

SSO with any provider

Connect Kordon to Google Workspace, Microsoft Entra ID, Okta, Keycloak, or any OIDC-compliant identity provider. SSO is built directly into Kordon; there is no separate authentication layer and no extra infrastructure to maintain.

SCIM user federation

Provision and sync users and groups automatically from your identity provider using SCIM 2.0. Supported with Microsoft Entra ID (Azure AD), Okta, OneLogin, Google Workspace, and any SCIM 2.0-compliant provider.

Full audit trail

Every change, every assignment, every task completion is logged with a timestamp and the responsible user. Access changes and structural decisions are fully traceable, which is exactly what internal auditors and certification bodies expect to see.

Give every user access that matches their responsibility.