Trust Center

Authentication & Access

SSO, MFA, and access controls

PetroBench provides authentication and access control features to protect your account and data.

Authentication Methods

Single Sign-On (SSO)

Enterprise customers can integrate PetroBench with their identity provider:

  • SAML 2.0: Integration with enterprise identity providers
  • Supported Providers: Okta, Azure AD, OneLogin, and other SAML-compatible providers
  • Just-in-Time Provisioning: Users automatically provisioned on first SSO login
  • Enforced SSO: Admins can require SSO for all users, disabling password-based login

SSO is available for enterprise plans. Contact sales@petrobench.com for setup.

Multi-Factor Authentication (MFA)

Add an extra layer of security to user accounts:

  • Available for all users on all plans
  • Supports authenticator apps (TOTP): Google Authenticator, Authy, 1Password, etc.
  • Can be enforced at the organization level by admins
  • Recovery codes provided at MFA setup for account recovery

Password Requirements

For password-based authentication:

Requirement | Details
--- | ---
Minimum Length | 12 characters
Complexity | Must include uppercase, lowercase, number, and special character
History | Last 5 passwords cannot be reused
Reset | Secure reset via email verification link

Account Lockout

Trigger | Action
--- | ---
5 consecutive failed login attempts | Account locked for 15 minutes
10 consecutive failed attempts | Account locked until password reset
Lockout notification | Email sent to account holder on lockout
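The password rules and the two lockout thresholds above can be checked against a small reference implementation. The following is an added example, not PetroBench's own code: the `Account` class, the in-memory state, the PBKDF2 hashing and the outcome strings are assumptions, while the 12-character minimum, the 5-password history, and the 5-failure (15 minutes) and 10-failure (until reset) thresholds are taken from the page. Failures 6 to 9 after the 15-minute lock has expired are treated as ordinary failures, which is also an assumption since the page does not say.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds as stated on the page; everything else in this file is an assumption.
MIN_LENGTH = 12
HISTORY_DEPTH = 5
SOFT_LOCK_THRESHOLD = 5
SOFT_LOCK_DURATION = timedelta(minutes=15)
HARD_LOCK_THRESHOLD = 10
SPECIALS = set(string.punctuation)


def password_policy_violations(candidate: str) -> List[str]:
    """Return every complexity rule the candidate breaks (empty list means it passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in SPECIALS for c in candidate):
        problems.append("no special character")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever hash the service really uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: List[bytes] = field(default_factory=list)  # oldest first, current password last
    failed_attempts: int = 0                            # consecutive failures
    locked_until: Optional[datetime] = None             # soft lock expiry
    reset_required: bool = False                        # hard lock, cleared only by a reset

    def set_password(self, new_password: str) -> None:
        """Enforce complexity and the password history, then store the new hash."""
        violations = password_policy_violations(new_password)
        if violations:
            raise ValueError("; ".join(violations))
        digest = _hash(new_password, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history[-HISTORY_DEPTH:]):
            raise ValueError(f"password matches one of the last {HISTORY_DEPTH}")
        self.history.append(digest)
        # A completed reset clears the failure counter and both lock states.
        self.failed_attempts = 0
        self.locked_until = None
        self.reset_required = False

    def is_locked(self, now: datetime) -> bool:
        if self.reset_required:
            return True
        return self.locked_until is not None and now < self.locked_until

    def login(self, password: str, now: datetime) -> str:
        """Return 'ok', 'locked' or 'bad_password' and apply the lockout thresholds."""
        if self.is_locked(now):
            return "locked"  # attempts made while locked do not advance the counter
        if self.history and hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failed_attempts = 0  # a success ends the consecutive-failure run
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= HARD_LOCK_THRESHOLD:
            self.reset_required = True
            return "locked"
        if self.failed_attempts == SOFT_LOCK_THRESHOLD:
            self.locked_until = now + SOFT_LOCK_DURATION
            return "locked"
        return "bad_password"


def simulate_lockout() -> List:
    """Walk one account through the soft lock, the hard lock and the reset (constructed timeline)."""
    t0 = datetime(2024, 1, 1)  # constructed timestamp
    acct = Account()
    acct.set_password("Correct-Horse-9")
    out = [acct.login("wrong-guess", t0 + timedelta(seconds=i)) for i in range(5)]
    out.append(acct.login("Correct-Horse-9", t0 + timedelta(minutes=1)))   # still soft-locked
    out.append(acct.login("Correct-Horse-9", t0 + timedelta(minutes=16)))  # lock expired
    t1 = t0 + timedelta(hours=1)
    # Ten failures spaced 16 minutes apart so the soft lock at #5 has expired before #6.
    out += [acct.login("wrong-guess", t1 + timedelta(minutes=16 * i)) for i in range(10)]
    out.append(acct.reset_required)
    try:  # the reset may not reuse the old password
        acct.set_password("Correct-Horse-9")
    except ValueError:
        out.append("reuse_rejected")
    acct.set_password("Different-Pass-7!")  # a fresh password clears the hard lock
    out.append(acct.login("Different-Pass-7!", t1 + timedelta(days=1)))
    return out
```

`simulate_lockout()` is the part worth reading: four ordinary failures, a fifth that locks for 15 minutes during which even the correct password is refused, a tenth (after the soft lock has expired) that locks until a reset, and a reset that rejects the previous password before accepting a new one.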

Access Control

Role-Based Access Control (RBAC)

Control what users can do within your organization:

Role | Capabilities
--- | ---
Admin | Full access, user management, organization settings, billing
Member | Create and manage wells, run simulations, view reports
Viewer | Read-only access to wells, simulations, and reports

Organization Isolation

  • Users can only access data within their organization
  • Multi-organization users can switch context as needed
  • API keys are scoped to specific organizations
  • Cross-organization data access is not possible

Session Management

Setting | Details
--- | ---
Session Timeout | Configurable inactivity timeout (default: 8 hours)
Maximum Session | 30 days (requires re-authentication)
Concurrent Sessions | Allowed across devices
Session Revocation | Users and admins can revoke active sessions
Forced Logout | Admins can force logout for any user in their organization
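The distinction between the inactivity timeout (extended by use) and the 30-day maximum (not extended by use), plus revocation and forced logout, is easiest to see in code. This is an added example and not PetroBench's code: the `SessionStore` class, its method names and the outcome strings are assumptions; the 8-hour default and 30-day ceiling come from the table above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

DEFAULT_IDLE_TIMEOUT = timedelta(hours=8)  # page default; configurable per organization
MAX_SESSION_AGE = timedelta(days=30)       # absolute ceiling; activity does not extend it


@dataclass
class Session:
    user: str
    created_at: datetime
    last_seen: datetime
    revoked: bool = False


class SessionStore:
    """In-memory session table (assumption: the real service keeps this server-side)."""

    def __init__(self, idle_timeout: timedelta = DEFAULT_IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.sessions: Dict[str, Session] = {}

    def create(self, session_id: str, user: str, now: datetime) -> None:
        # Several live sessions per user are allowed (concurrent devices).
        self.sessions[session_id] = Session(user, now, now)

    def validate(self, session_id: str, now: datetime) -> str:
        """Return 'ok' (and refresh the idle clock) or the reason the session is invalid."""
        s = self.sessions.get(session_id)
        if s is None:
            return "unknown"
        if s.revoked:
            return "revoked"
        if now - s.created_at >= MAX_SESSION_AGE:
            return "max_age"  # re-authentication required even for an active session
        if now - s.last_seen > self.idle_timeout:
            return "idle_timeout"
        s.last_seen = now  # activity extends only the idle window
        return "ok"

    def revoke(self, session_id: str) -> bool:
        """User or admin revokes one session; True if it existed and was still live."""
        s = self.sessions.get(session_id)
        if s is None or s.revoked:
            return False
        s.revoked = True
        return True

    def force_logout(self, user: str) -> int:
        """Admin forced logout: revoke every live session of the user; returns how many."""
        return sum(self.revoke(sid) for sid, s in self.sessions.items() if s.user == user)


def demo() -> List:
    """Exercise idle timeout, the 30-day ceiling, forced logout and revocation (constructed timeline)."""
    t0 = datetime(2024, 1, 1)  # constructed timestamp
    store = SessionStore()
    store.create("laptop", "alice", t0)
    store.create("phone", "alice", t0)
    out = [
        store.validate("laptop", t0 + timedelta(hours=7)),   # 7h idle -> ok, clock refreshed
        store.validate("laptop", t0 + timedelta(hours=14)),  # 7h since refresh -> ok
        store.validate("laptop", t0 + timedelta(hours=23)),  # 9h since refresh -> idle_timeout
    ]
    # Keep the phone session busy every 6 hours; it still ends at the 30-day ceiling.
    keepalive = [store.validate("phone", t0 + timedelta(hours=6 * k)) for k in range(1, 121)]
    out += [keepalive[-2], keepalive[-1]]
    t1 = t0 + timedelta(days=31)
    store.create("tablet", "alice", t1)
    out.append(store.force_logout("alice"))  # laptop, phone and tablet were all still live
    out.append(store.validate("tablet", t1))
    out.append(store.validate("nope", t1))
    return out
```

Note the ordering in `validate`: the absolute ceiling is checked before the idle clock, so a session that is touched every few hours still expires on day 30, and revocation is checked before either so a forced logout takes effect on the next request regardless of activity.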

User Lifecycle

Provisioning

  • Manual invite by admin (email invitation)
  • Just-in-Time via SSO (auto-created on first login)

Deprovisioning

  • Admin removes user from organization; access is revoked immediately
  • SSO deprovisioning: disabling user in your identity provider prevents future logins
  • Deactivated accounts retain data attribution but cannot authenticate

API Security

For customers using the PetroBench API:

Feature | Details
--- | ---
Authentication | API keys required for all requests
Encryption | All API traffic encrypted via TLS 1.2+
Rate Limiting | Per-key rate limits to prevent abuse
Scoping | Keys scoped to specific organizations
Rotation | Keys can be rotated at any time without downtime
Revocation | Compromised keys can be immediately revoked

API access is available on enterprise plans. Contact sales@petrobench.com for details.

Audit Logging

PetroBench maintains audit logs for all account activity:

Category | Events Tracked
--- | ---
Authentication | Login, logout, failed attempts, MFA events, password changes
User Management | User invites, role changes, deactivations, removals
Data Access | Well creation, simulation runs, data exports, data deletion
Administrative | Organization settings, billing changes, API key management
Retention | Audit logs retained for 1 year

Enterprise customers can request audit log exports for compliance reviews or SIEM integration.

Questions?

For SSO integration guides or access control documentation:
