Log InGet Started Free
HomeProductSecurity & Access Control
Product

Security & Access Control

Enterprise-grade security built in from the start: authentication, authorisation, 2FA, SSO, and a full audit trail.

Start FreeRequest a Demo
JWTTOTPRBACSAML 2.0Argon2Rate limitingSentry
200+
Named permissions
TOTP
2FA built-in
SAML
2.0 SSO
Argon2
Password hashing

Security is not an afterthought at Transportial. JWT-based authentication with short-lived tokens, two-factor authentication, 200+ named permissions, SAML 2.0 SSO, Argon2 password hashing, and per-API-key rate limiting are all standard, not add-ons.

Key highlights

  • JWT authentication: Short-lived access tokens (minutes) with long-lived refresh tokens (days) minimise the window of exposure if a token is compromised. Token rotation is automatic.
  • Two-Factor Authentication (TOTP): All users can enable 2FA using any TOTP app (Google Authenticator, Authy, etc.). Setup uses a QR code and generates recovery codes.
  • Role-Based Access Control (RBAC): Five built-in roles (USER, CHAUFFEUR, SUPPORT, ADMIN, SUPER_ADMIN) provide a sensible default structure.
  • 200+ named permissions: Fine-grained permissions like read:vehicle-description and create:trip let you control exactly what each role or user can do.
  • SAML 2.0 SSO: Enterprise customers integrate their own IdP (Azure AD, Okta, or any SAML 2.0 provider) for SSO with automatic user provisioning.
  • Argon2 password hashing: Passwords are hashed using Argon2id, the winner of the Password Hashing Competition, providing resistance against GPU-based brute-force attacks.
  • Per-API-key rate limiting: Every API key has its own configurable rate limit. Burst traffic from a misbehaving integration is contained without affecting other consumers.
  • Error tracking & request logging: All API requests are logged. Errors are reported to Sentry in real time with full stack traces and request context.
Technical details

Authentication is stateless, with no session storage. Access tokens are validated at the API gateway level before requests reach business logic. The permission check is performed per-endpoint via a declarative annotation system.

Related features

View all features

Multi-Tenancy & White-Label

Run your own branded logistics platform, fully isolated, fully customisable, on your own domain.

Integration Framework

Connect Transportial to any external system (ERPs, telematics, ordering platforms, and more) with a full REST API and App Store.

Reporting & Insights

Turn operational data into decisions with configurable dashboards, TQL-powered queries, and a complete audit trail.

View all features

Transport Order ManagementInteractive Plan BoardAI-Powered Trip OptimisationFleet & Resource Management3D Load PlanningOpenMove Driver AppReal-Time Vehicle TrackingMulti-Modal RoutingPricing EngineInvoicing & Financial ManagementMessage AutomationsDocument Management & GenerationIntegrated Email InboxIn-App ChatCustomer & Business PortalIntegration FrameworkReporting & InsightsMulti-Tenancy & White-LabelSecurity & Access Control

Ready to put this to work?

Start free with full platform access, or talk to our team about your specific operation.

Start FreeBook a Demo