# Security Mechanism

The **FPT Data Suite** system is designed with a **multi-layered security architecture** that provides **data protection**, **tight access control**, and compliance with **enterprise-grade security standards**.

#### Secure Authentication & Login

* **Single Sign-On (SSO)**:\
  Supports login via trusted platforms such as **FPT ID**, **Google**, **Facebook**, or organizational identity providers (via **SAML / OIDC**).
* **Multi-Factor Authentication (MFA)**:\
  Adds a layer of protection by requiring a second verification method beyond username and password.
* **Token-Based Authentication**:\
  Uses industry standards such as **OAuth2** and **JWT** to securely manage user sessions.

#### Access Control & Authorization

* **Role-Based Access Control (RBAC)**:\
  Manages user permissions at multiple levels — **Organization**, **Workspace**, and **Report**. Each role defines clear access scopes.
* **Flexible Sharing**:\
  Allows reports to be shared with individuals or user groups, while controlling what data and functionality they can access.
* **Data-Level Security**:\
  Ensures users only see the data they are authorized to access — even when viewing the same report — by applying row-level filters or access conditions.
