Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

UNIQUE can deploy a customer environment as its own (single) separated tenant on UNIQUE’s enterprise subscription. That way all data storage and data processing is encapsulated in this landing zone and separated from all other customers.

Overview

Azure Application Gateway

  • Web application firewall is filtering all requests optionally

  • IP blocking can be configured in the web application firewall optionally

Azure Storage Accounts

  • data at rest is secured with soft delete for 30 days

  • data is backed-up with 14 days backup retention and RPO of 24h

Azure OpenAI Deployments

TYK Application Gateway

  • validates JWTs

  • Incoming requests are rate-limited

SSO

  • SSO can be configured to connect to customer IDP using Entra ID, OIDC, SAML, and other methods supported by Zitadel

Encryption

  • All data at rest is encrypted using keys managed by UNIQUE

  • BYOK is possible where the customer is managing the keys

Data classification

  • Zitadel only processes and stores user authentication data

  • Redis does not store any customer data, only state

  • Azure keyvault stores encryption keys and secrets

  • All other services and data storages store data of classification level confidential, internal or public depending on the customers restrictions on data classifications to use on UNIQUE


 

  • No labels