Security Domain
The Security domain in Fuse governs how access, identity, risk, policy enforcement, and runtime approvals are applied across every layer of execution and every participating domain.
Security is foundational: all orchestration, automation, and AI activity in Fuse is secured and governed through modular security controls. It ensures that workflows are not only functional, but compliant, explainable, and access-aware — in real time.
Fuse treats security as a first-class domain — not an external feature.
Security capabilities include:
- Scoped access control across workflows, services, and UI
- Token orchestration and policy enforcement at runtime
- Federated identity and multi-provider SSO integration
- Role-based and risk-based authentication
- Runtime decision gates and access policy enforcement
- Approval workflows embedded into orchestration
- Transparent logging of identity and policy interactions
Whether you’re coordinating approvals for refunds, securing AI decision gates, or managing multi-department orchestration — the Security domain ensures operations remain governed and auditable.
- Identity Provider Integration — SCIM, SAML, OAuth2, OIDC federation
- Token Management — Scoped identity and execution tokens with audit trails
- Role-Based Access Control (RBAC) — Assign permissions and logic visibility by role
- Risk-Based Access (RiBAC) — Enforce MFA, session constraints, and trust scores dynamically
- Session Management — Govern token lifetimes, idle policies, and context propagation
- Security Groups and Permission Sets — Group-level access control and workflow gating
- Access Policy Evaluation — Enforce runtime permission checks based on roles, scopes, and identity context
- Approval Workflows — Insert multi-step, human-in-the-loop approvals within orchestration flows
- Delegated Access and Temporary Roles — Allow context-specific access grants with full auditability
- Audit Forwarding and SIEM Integration — Forward security and governance logs externally
- Identity Verification Workflows — Trigger secondary reviews or adaptive authentication
- Redaction and Compliance Handling — Govern data masking and field visibility based on policies
| Layer | Security Role |
| --- | --- |
| Integration | Authenticate and authorize inbound/outbound system interactions via scoped tokens |
| Automation | Enforce policy conditions on automation triggers and actions |
| Orchestration | Insert approval steps, risk checks, and runtime policy enforcement |
| Interoperability | Propagate identity context and audit trails securely across domains |
Security ensures that identity, policy, and runtime access control operate cohesively across all layers.
- A refund workflow issues scoped tokens that limit access based on user role and jurisdiction, requiring supervisor approval for high-value refunds.
- A federated login from Azure AD maps users into Fuse roles, applying runtime access scopes and governance policies.
- A privileged access request triggers an identity verification step and records the full policy decision audit into SIEM.
Extending the Security Domain
You can extend the Security domain using:
- Workflow Domain — Integrate approvals, risk steps, and runtime access gates into orchestrations
- Applications Domain — Manage secure app launchers and federated service access
- Visibility Domain — Audit security events, policy decisions, and approval flows
- Glossary — Learn about RBAC, RiBAC, token orchestration, runtime governance, and approval gates