Security & trust

Security, access control, and operational trust in Dashmon

Dashmon is built for infrastructure teams that need operational visibility without losing control of access, auditability, or responsible disclosure. It supports MFA with recovery codes, workspace-specific OIDC / SSO, admin step-up verification, scoped API tokens, and recent sign-in visibility.

MFA / 2FA, Workspace SSO, Audit logs, API token governance

Authentication

Local and Google sign-in, MFA / 2FA challenges with recovery codes, workspace-specific OIDC / SSO, time-limited password resets, and progressive temporary lockouts.

Admin protection

Sensitive admin views are protected behind admin access checks and additional one-time verification before platform-wide or billing-sensitive workflows are shown.

Governance

Labeled API tokens, access scopes, expiry, recent-use visibility, request tracing, account security activity, shared-workspace governance, and blocked-action auditing.

Current posture

What Dashmon is already doing

Access controls

Protected app and API areas, premium feature gating, admin-only routes, owner-only governance boundaries, delegated workspace controls, and additional verification for platform-wide admin workflows.

Security headers

CSP, HSTS, referrer-policy, nosniff, permissions-policy, and noindex controls for private surfaces help reduce accidental exposure.

Sensitive event tracking

Dashmon records sign-in activity, MFA and recovery-code events, token changes, admin verification, billing-sensitive actions, and protected changes for later review.

Disclosure route

A public security.txt endpoint is available for responsible disclosure and contact details.

Clear boundaries

Current limitations to be aware of

Enterprise identity is live today

Dashmon supports MFA with recovery codes, workspace-specific OIDC / SSO, SSO enforcement, domain restrictions, required or denied group policy, and role-aware workspace access.

External validation still matters

Dashmon exposes practical controls and public trust material, but long-term reliability evidence, broader compliance proof, and external security review or penetration testing should still be part of production go-live planning.

Customer review

What customers can review today

Dashmon publishes enough material for a lightweight procurement or trust review without exposing internal-only evidence. Start with the public trust pages, then use contact for deeper customer-specific questions.

Security & access overview

Review this page for MFA, workspace OIDC / SSO, audit visibility, admin verification, and responsible disclosure.

Privacy and terms

Use public privacy and terms pages for data handling, service expectations, billing, and acceptable use questions.

API docs and support paths

API authentication, request tracing, and shared-workspace behavior are documented publicly, and the Help Center points customers to the fastest next step.

Trust pack

Customer trust pack and security review path

What the trust pack covers

Public security page, privacy policy, terms, contact details, help-center guidance, API docs, and a generated security.txt preview.

What still stays internal

Detailed audit exports, restore proof, release evidence, dependency review output, and internal compliance artifacts should be shared separately after disclosure review.

For procurement or security-review requests that need a curated bundle, use contact so Dashmon can share the right pack safely.