[Home](/en/)›[Product](/en/product)›Security & Access Control

Product

# Security & Access Control

Enterprise-grade security built in from the start: authentication, authorisation, 2FA, SSO, and a full audit trail.

[Start Free](https://portal.otms.transportial.com/auth/register)[Request a Demo](/en/contact)

JWTTOTPRBACSAML 2.0Argon2Rate limitingSentry

200+

Named permissions

TOTP

2FA built-in

SAML

2.0 SSO

Argon2

Password hashing

Security is not an afterthought at Transportial. JWT-based authentication with short-lived tokens, two-factor authentication, 200+ named permissions, SAML 2.0 SSO, Argon2 password hashing, and per-API-key rate limiting are all standard, not add-ons.

## Key highlights

* **JWT authentication:** Short-lived access tokens (minutes) with long-lived refresh tokens (days) minimise the window of exposure if a token is compromised. Token rotation is automatic.
* **Two-Factor Authentication (TOTP):** All users can enable 2FA using any TOTP app (Google Authenticator, Authy, etc.). Setup uses a QR code and generates recovery codes.
* **Role-Based Access Control (RBAC):** Five built-in roles (USER, CHAUFFEUR, SUPPORT, ADMIN, SUPER\_ADMIN) provide a sensible default structure.
* **200+ named permissions:** Fine-grained permissions like read:vehicle-description and create:trip let you control exactly what each role or user can do.
* SAML 2.0 SSO: Enterprise customers integrate their own IdP (Azure AD, Okta, or any SAML 2.0 provider) for SSO with automatic user provisioning.
* **Argon2 password hashing:** Passwords are hashed using Argon2id, the winner of the Password Hashing Competition, providing resistance against GPU-based brute-force attacks.
* **Per-API-key rate limiting:** Every API key has its own configurable rate limit. Burst traffic from a misbehaving integration is contained without affecting other consumers.
* **Error tracking & request logging:** All API requests are logged. Errors are reported to Sentry in real time with full stack traces and request context.

Technical details

Authentication is stateless, with no session storage. Access tokens are validated at the API gateway level before requests reach business logic. The permission check is performed per-endpoint via a declarative annotation system.

## Related features

[View all features](/en/product)

[Multi-Tenancy & White-LabelRun your own branded logistics platform, fully isolated, fully customisable, on your own domain.](/en/product/white-label)[Integration FrameworkConnect Transportial to any external system (ERPs, telematics, ordering platforms, and more) with a full REST API and App Store.](/en/product/integration-framework)[Reporting & InsightsTurn operational data into decisions with configurable dashboards, TQL-powered queries, and a complete audit trail.](/en/product/reporting)

View all features

[Transport Order Management](/en/product/transport-orders)[Interactive Plan Board](/en/product/plan-board)[AI-Powered Trip Optimisation](/en/product/trip-optimisation)[Fleet & Resource Management](/en/product/fleet-management)[3D Load Planning](/en/product/load-planning)[OpenMove Driver App](/en/product/driver-app)[Real-Time Vehicle Tracking](/en/product/vehicle-tracking)[Multi-Modal Routing](/en/product/routing)[Pricing Engine](/en/product/pricing-engine)[Invoicing & Financial Management](/en/product/invoicing)[Message Automations](/en/product/message-automations)[Document Management & Generation](/en/product/documents)[Integrated Email Inbox](/en/product/email-inbox)[In-App Chat](/en/product/chat)[Customer & Business Portal](/en/product/customer-portal)[Integration Framework](/en/product/integration-framework)[Reporting & Insights](/en/product/reporting)[Multi-Tenancy & White-Label](/en/product/white-label)[Security & Access Control](/en/product/security)

## Ready to put this to work?

Start free with full platform access, or talk to our team about your specific operation.

[Start Free](https://portal.otms.transportial.com/auth/register)[Book a Demo](/en/contact)

---
Canonical page: https://transportial.com/en/product/security
