Enterprise controls, without the enterprise price.
FulfillPath is multi-tenant from the first line of code. Tenant isolation is enforced in the data layer, secrets are encrypted at rest, access is granular, and every mutating action is audited. These are defaults, not upsells.
How your data stays yours
The controls a larger operation expects, applied to every tenant by default.
Multi-tenant isolation
Every business table carries an org identifier, and the data layer injects and enforces it on every query. A request with no tenant in scope is rejected rather than returning cross-tenant rows.
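The fail-closed behaviour described above, sketched as an added example (not FulfillPath's own code): a data-layer wrapper that adds the org predicate to every statement and refuses to run when no tenant is bound. The `orders` schema, `TenantDB`, `tenant_scope` and the sample rows are assumptions made for illustration.

```python
import sqlite3
from contextlib import contextmanager
from contextvars import ContextVar
# Hypothetical names throughout; the schema and rows are constructed sample data.
_current_org: ContextVar = ContextVar("current_org", default=None)
TENANT_TABLES = {"orders": ("sku", "qty")}  # allowlist: table -> caller-visible columns

class NoTenantInScope(Exception):
    """Raised when a query runs without a tenant bound to the request."""

@contextmanager
def tenant_scope(org_id):
    token = _current_org.set(org_id)
    try:
        yield
    finally:
        _current_org.reset(token)

class TenantDB:
    def __init__(self, conn):
        self.conn = conn

    def _org(self):
        org = _current_org.get()
        if org is None:  # fail closed: never fall back to an unscoped query
            raise NoTenantInScope("no tenant in scope")
        return org

    def insert(self, table, **values):
        cols = TENANT_TABLES[table]  # KeyError for tables outside the allowlist
        if set(values) != set(cols):  # callers can never supply org_id themselves
            raise ValueError("unexpected columns; org_id is set by the data layer")
        sql = f"INSERT INTO {table} (org_id, {', '.join(cols)}) VALUES (?{', ?' * len(cols)})"
        self.conn.execute(sql, [self._org(), *(values[c] for c in cols)])

    def select(self, table, **filters):
        cols = TENANT_TABLES[table]
        if not set(filters) <= set(cols):  # org_id is not a filterable column
            raise ValueError("unknown filter column")
        clause = "".join(f" AND {c} = ?" for c in filters)
        sql = f"SELECT {', '.join(cols)} FROM {table} WHERE org_id = ?{clause}"
        return self.conn.execute(sql, [self._org(), *filters.values()]).fetchall()

def demo():
    db = TenantDB(sqlite3.connect(":memory:"))
    db.conn.execute("CREATE TABLE orders (org_id TEXT NOT NULL, sku TEXT, qty INTEGER)")
    for org, sku, qty in [("org_a", "A-1", 5), ("org_b", "B-1", 9)]:  # constructed rows
        with tenant_scope(org):
            db.insert("orders", sku=sku, qty=qty)
    return db
```

Filters are column-equality only and drawn from the allowlist, so a caller has no way to widen or replace the tenant predicate.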
Encrypted credentials
Channel and carrier secrets live in per-org credential rows encrypted with AES-256-GCM. Only infrastructure connection values sit in environment config, so there is no plaintext secret sprawl.
MFA, per user and per org
Every user can enroll TOTP multi-factor authentication, and an org admin can require MFA for everyone. Shared scanner devices add a PIN re-lock so activity always ties back to a person.
Granular RBAC
Permissions are individual flags rolled up into twelve role presets, from platform admin to receiving-only scanner user. Access is scoped to exactly what a role needs to do the job.
Approval workflows
High-risk actions such as inventory adjustments and receiving without a PO require a second person to approve. The request and its approval both land in the record.
Immutable audit log
Every mutating action writes an audit entry, and the audit table is append-only at the database level. You can answer who did what, when, and from where, and no one can quietly erase it.
Identity that fits how you already sign in
Sign in with an email magic link or a six-digit code, then step up with TOTP MFA. For teams on a corporate directory, single sign-on with Google Workspace and Microsoft Entra is additive, not a rebuild, because the identity model was designed provider-agnostic from the start.
- Magic link or six-digit OTP, the user's choice
- httpOnly session cookies bound to the device
- Per-user TOTP MFA with an org-wide require-MFA switch
- SSO via Google Workspace and Microsoft Entra OIDC with JIT provisioning
Session cookies are httpOnly and tied to the device that authenticated, so a stolen token does not travel to another machine.
A provider-agnostic identity table means adding Google or Entra sign-in is a configuration step, and new users can be provisioned on first login.
Bring your security questionnaire
Book a call and we will walk through tenant isolation, encryption, access control, and audit against your requirements.