Security & Trust
Subnetly is built as a tenant-isolated DDI and Network Intelligence service for SMB, enterprise, and MSP operations.
Platform Controls
- Tenant-scoped data model with PostgreSQL row-level security on tenant tables.
- Auth0 Universal Login for interactive authentication.
- Tenant MFA enforcement for interactive sessions when enabled by an owner or admin.
- Role-based access controls for DNS, DHCP, IPAM, audit, MSP, API tokens, webhooks, and tenant administration.
- Long-lived API tokens are tenant-bound, role-capped, hashed at rest, shown once, and subject to tenant expiry policy.
- Canonical audit events are partitioned by month and scoped per tenant.
- Audit exports are RBAC-controlled and available as CSV or JSON.
Data Protection
- Secrets are never returned after creation.
- Cloud credentials are stored through the encrypted secrets path.
- Application request bodies are capped by middleware, with explicit import limits for larger CSV workflows.
- Public and agent endpoints use separate authentication mechanisms from tenant user sessions.
MSP Isolation
MSP tenants can manage authorized client tenants from the MSP workspace. Cross-tenant rollups use explicit server-side authorization before any cross-tenant query runs.
Reliability
Subnetly runs health probes for API readiness, agent connectivity, DNS/DHCP health, and user-visible service status. Operational recovery procedures are documented in the disaster recovery runbook.