Built in from day one.
The controls your security team expects — SSO, SCIM, RBAC, encryption, audit logs, and self-hosting.
Single sign-on
SAML · OIDC · enforced
User provisioning
SCIM · 142 users synced
Access control
RBAC · row-level security
Encryption
TLS 1.2+ · AES-256 at rest
Audit logs
Streaming · 90d retention
Compliance
SOC 2 Type II · HIPAA
Identity, data, governance, and AI safety — covered by one platform.
Connect your identity provider and control exactly who sees what.
Your data is encrypted, isolated, and never used to train models.
Every query and change is traceable for your security team.
AI runs inside your governance boundary, grounded in your data.
Everything your identity and security teams need to onboard with confidence.
| Capability | Details |
|---|---|
| Single sign-on (SSO) | SAML 2.0 and OIDC with any major identity provider |
| SCIM provisioning | Automatic user and group sync, instant deprovisioning |
| Role-based access control | Workspace, group, and resource-level roles |
| Row-level security | Restrict rows per user, team, or attribute |
| Audit logs | Access, query, and configuration events with export |
| Encryption | TLS 1.2+ in transit, AES-256 at rest |
Managed cloud, private VPC, or fully self-hosted inside your perimeter.
Compliance
Basedash is SOC 2 Type II compliant and supports HIPAA workflows, ISO 27001 alignment, and GDPR obligations. Request reports and documentation for your security review.
Yes. Basedash is SOC 2 Type II compliant, audited annually with continuous monitoring. Enterprise customers can request the latest SOC 2 report and complete security documentation under NDA. Basedash also supports HIPAA workflows and aligns with ISO 27001 and GDPR requirements.
Yes. Basedash supports single sign-on (SSO) using SAML 2.0 and OIDC with identity providers including Okta, Microsoft Entra ID, and Google Workspace. SCIM is supported for automatic user and group provisioning and instant deprovisioning, so access stays in sync with your identity provider.
Basedash enforces role-based access control (RBAC) alongside row-level and object-level permissions. Administrators control which sources, dashboards, and metrics each role can access, and row-level security restricts which records a user can see based on their team or attributes. AI chat and dashboards respect the same permission rules as every other user.
No. Customer data is never used to train AI models. Basedash grounds AI answers in your governed data sources and semantic layer rather than generating freeform responses, and enterprise teams can bring their own AI provider keys to keep model usage within their existing vendor and governance programs.
All data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Each customer's data is logically isolated, and enterprise teams can deploy in a private VPC or fully self-hosted environment so data never leaves their network boundary.
Yes. Basedash provides native audit logs covering access, queries, and configuration changes, with configurable retention and export. Every AI-generated query can be traced back to the underlying data and re-run for verification, giving security and compliance teams full visibility.
Yes. Basedash offers managed cloud, private VPC, and fully self-hosted deployments using Docker, Kubernetes, or Helm. Self-hosted and VPC deployments keep all data inside your perimeter and support air-gapped environments, bring-your-own AI keys, and your own networking and retention policies.
We can help you migrate your data and dashboards from any other tool.