Workspace and role-based access controls.
Membership, roles, and per-resource scoping designed around least-privilege defaults; access changes flow into the same audit trail as the work.
SSO and SCIM provisioning are in active development.
Workspace and role-based access work today; SSO (SAML / OIDC) and SCIM provisioning for identity-provider managed teams are being built with design partners. If your team needs them, your input shapes the priority order.
Layered access, one shared model.
Access is reasoned about at the workspace level, refined per role, and scoped per resource. Changes flow into the audit trail rather than living in a separate admin log.
Workspace membership
Workspaces are the unit of access. Members are added explicitly; access does not extend across workspaces by default.
Role-based access
Owner, Admin, Member, and Viewer roles with predefined permission sets. Roles set the baseline; per-resource grants refine it.
Scoped resources
Per-resource access layers on top of the role, so access to sensitive datasets can be narrower than the default role allows.
Admin controls
Admins can audit current membership, rotate access, and initiate access revocation promptly when a relationship changes.
Least-privilege defaults
New members start in the smallest role appropriate for the work. Broader access is granted explicitly and captured in the audit trail.
Audited access changes
Membership changes, role changes, and per-resource grants are recorded alongside the rest of the workspace activity.
Identity provider integration
SSO (SAML and OIDC) and SCIM provisioning are in active development for teams that manage identity through an external provider.
Membership review
Admins can review the current state of membership and per-resource grants in one place, so periodic access reviews land on a clean view rather than a reconstructed list.
Workspaces first, org-wide grants last.
Northwind treats the workspace as the unit of access. A member of one workspace does not have access to another workspace by default; broader access is an explicit grant, not a side effect of being on the team.
Inside a workspace, access is layered. The role sets the baseline (what the member can see and do across the workspace). Per-resource grants refine the baseline for sensitive datasets, documents, or projects that need a narrower or broader scope. Both layers are visible in the audit trail.
For teams managing identity through an external provider, SSO (SAML and OIDC) and SCIM provisioning are in active development. Where these are needed today, we are happy to walk through the current state and the priority order.
- Workspace is the access unit; org-wide grants are explicit, not implicit.
- Role baseline + per-resource grants, both audited.
- Admin controls for membership review, rotation, and revocation.
- SSO and SCIM in active development for identity-provider managed teams.
Walk us through your access requirements.
Tell us how your team manages identity today and what your security review expects to see. We will show you which controls fit and where the active work lands.