Security, SSO & Audit
Authentication security
- Passwords hashed with Argon2
- Optional TOTP 2FA on email accounts
- Session list with revoke in Account Settings
- OAuth (Google) and SAML paths supported
SAML SSO (Business+)
Configure under Team Settings → SSO:
- Copy ACS URL and Entity ID (SP metadata) into your IdP (Okta, Azure AD, Google Workspace, etc.)
- Enter IdP Entry Point, Issuer, and PEM certificate
- Optional email domain — users with matching emails auto-join the team on first SSO login
- Enable SSO and save
Users initiate login via organisation domain lookup (/sso/login?domain=…).
Requires: Business or Enterprise plan and Owner-level configuration access.
End-to-end encryption
Decimake supports encrypted attachments with team key exchange (see the E2EE row on the pricing page). The client provides the public key material used to wrap file keys on download.
Audit log (Enterprise)
Route: /teams/:teamId/_audit/
Immutable-style activity trail for compliance:
- Who performed the action (user + IP where logged)
- What changed (entity type, id, action verb)
- Examples: invite, remove member, role change, plan change, permission override, decision status change
The retention UI shows recent events (the API returns the last 50). Export for long-term archive may require Enterprise API/integration.
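Because the API only returns the last 50 events, a long-term archive built by polling has to merge overlapping batches and notice when events may have scrolled out of the window between polls. The sketch below is an added example, not Decimake's code; the event field names `id` and `at`, and the sample events, are assumptions, since this page does not document the response schema.

```python
API_WINDOW = 50  # this page states the API returns the last 50 events


def merge_batch(archive, batch, window=API_WINDOW):
    """Append unseen events from one poll to `archive`, oldest first.

    Returns (added, gap_possible). gap_possible is True when a full window
    shares no event with a non-empty archive: older events may have left
    the window between polls without ever being archived.
    """
    archived = {e["id"] for e in archive}
    overlap = sum(1 for e in batch if e["id"] in archived)
    fresh = {}
    for event in batch:
        if event["id"] not in archived:
            fresh.setdefault(event["id"], event)  # drop repeats within a batch
    # ISO-8601 UTC timestamps sort correctly as plain strings.
    new = sorted(fresh.values(), key=lambda e: (e["at"], e["id"]))
    gap_possible = bool(archived) and len(batch) >= window and overlap == 0
    archive.extend(new)
    return len(new), gap_possible


def make_events(start, count):
    """Constructed sample events; 'id' and 'at' are assumed field names."""
    return [
        {"id": f"evt-{n:04d}",
         "at": f"2024-01-01T00:{n // 60:02d}:{n % 60:02d}Z",
         "actor": "user-1", "action": "role change"}
        for n in range(start, start + count)
    ]


def demo():
    archive = []
    results = [
        merge_batch(archive, make_events(0, 50)),         # first poll
        merge_batch(archive, make_events(30, 50)[::-1]),  # overlap, newest first
        merge_batch(archive, make_events(120, 50)),       # polled too late
    ]
    return archive, results


if __name__ == "__main__":
    archive, results = demo()
    print(len(archive), results)
```

A `True` flag means the poll interval is too long for the team's event rate, so the archive should be treated as incomplete for that period.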
Team deletion
Owners may Delete Team from settings—permanent removal of spaces, pages, decisions, files, and billing linkage.
Reporting issues
Contact hello@decimake.app or use /contact for security concerns.