Corsa provides a range of security features that give your team control over who can access the platform, what they can do, and full visibility into everything that happens.

Authentication

Multi-Factor Authentication (MFA)

All Corsa user accounts support multi-factor authentication. Administrators can enforce MFA for their entire organization.
  • TOTP - Time-based one-time passwords via authenticator apps (Google Authenticator, Authy, 1Password).
  • MFA enforcement - Platform administrators can require MFA for all users before they can access the platform.

Single Sign-On (SSO)

Corsa supports SAML 2.0-based single sign-on, allowing organizations to centralize authentication through their identity provider.
  • Enforce authentication policies centrally through your IdP (Okta, Azure AD, Google Workspace, OneLogin)
  • Mandatory SSO mode disables password-based login entirely
  • Session management and idle timeout policies controlled by the IdP

Session Security

  • Configurable session timeout with automatic logout

Access Control

Role-Based Access Control (RBAC)

Corsa uses granular role-based access control to enforce least-privilege access across the platform.
Role    Description
Owner   Full administrative access. Can manage billing, integrations, and team members.
Admin   Can manage users, configure settings, and access all compliance data.
User    Standard access to compliance workflows: alerts, cases, clients, transactions.
  • Roles can be combined with granular permissions for fine-grained control (e.g., a user who can view alerts but cannot resolve cases).
  • Permission changes take effect immediately - no logout or session refresh required.

API Key Management

Corsa supports scoped API keys for programmatic access with built-in security controls.
  • Scoped permissions - API keys can be restricted to specific operations (read-only, write, admin).
  • Key rotation - API keys can be rotated at any time.
Never embed API keys in client-side code. Use server-side integrations or the Corsa SDK for secure access.

Audit Logging

Every action in the platform is recorded in a persistent audit log. These logs are designed to support internal compliance reviews, regulatory audits, and incident investigations.

What’s Logged

  • Authentication events - Logins (successful and failed), MFA challenges, SSO assertions, session creation and termination
  • Data changes - Status updates, note additions, alert dispositions, case resolutions
  • Configuration changes - Rule modifications, integration setup, user role changes, API key creation
  • AI agent operations - Meaningful agent actions such as alert triage, investigation narratives, and due diligence enrichment (see AI Security)

Retention & Export

  • Audit logs are retained for the duration required by the customer’s regulatory obligations.
  • Logs can be exported for integration with your SIEM or compliance reporting tools.

Secure Connections

  • All traffic to and from Corsa uses HTTPS with TLS 1.2+. Connections using older protocols are rejected.
  • Webhook deliveries are signed with HMAC-SHA256 so recipients can verify authenticity.
  • API responses include security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options) to protect against common web attacks.
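The HMAC-SHA256 webhook signature above is only useful if the receiver actually checks it. The following is an added example of receiver-side verification, not Corsa's own code or SDK: the header name `X-Corsa-Signature`, the hex encoding, and the choice of the raw request body as the signed message are assumptions, so adjust them to whatever the delivery documentation specifies.

```python
import hashlib
import hmac

# Assumed header name and encoding; Corsa's actual delivery format may differ.
SIGNATURE_HEADER = "X-Corsa-Signature"  # hypothetical header name


def sign_payload(secret: bytes, body: bytes) -> str:
    """Hex-encoded HMAC-SHA256 a sender would attach to a delivery."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, headers: dict) -> bool:
    """Return True only if the delivery carries a valid signature over the raw body.

    - Looks the header up case-insensitively (HTTP header names are not case-sensitive).
    - Rejects missing or malformed signatures before computing anything.
    - Compares with hmac.compare_digest so the check does not leak timing information.
    """
    provided = None
    for name, value in headers.items():
        if name.lower() == SIGNATURE_HEADER.lower():
            provided = value.strip()
            break
    if not provided:
        return False
    # A hex SHA-256 digest is exactly 64 hex characters; anything else is malformed.
    if len(provided) != 64:
        return False
    try:
        bytes.fromhex(provided)
    except ValueError:
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected.lower(), provided.lower())


# Constructed sample delivery for demonstration; not real Corsa data.
SAMPLE_SECRET = b"whsec_example_shared_secret"
SAMPLE_BODY = b'{"event":"alert.created","alert_id":"A-1001","status":"open"}'

if __name__ == "__main__":
    good = {SIGNATURE_HEADER: sign_payload(SAMPLE_SECRET, SAMPLE_BODY)}
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, good))  # True
    # Any change to the body after signing (e.g. by a party relaying the request) fails the check.
    tampered = SAMPLE_BODY.replace(b'"open"', b'"closed"')
    print(verify_webhook(SAMPLE_SECRET, tampered, good))  # False
```

Verify against the exact bytes received, before JSON parsing, since re-serialising the body can change whitespace or key order and invalidate the digest.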

Proactive Monitoring

Corsa continuously monitors for suspicious activity and security anomalies.
  • API abuse detection - Rate limiting detects and blocks API key misuse.
  • Automatic notifications - Security-relevant events (role changes, API key creation) trigger email notifications to platform administrators.