LeedAB has no user directory. Access is governed by your existing IdP — Okta, Azure AD, Google Workspace, or any SAML 2.0-compatible provider. Onboarding, offboarding, and role changes propagate automatically.Documentation Index
Fetch the complete documentation index at: https://docs.leedab.com/llms.txt
Use this file to discover all available pages before exploring further.
Identity
- SAML 2.0 SSO — users authenticate through your IdP. LeedAB never stores passwords.
- SCIM provisioning — accounts sync automatically. Deprovisioning in your IdP immediately revokes access.
- MFA enforcement — enforced at the IdP level. LeedAB inherits your MFA policy.
Local username/password accounts are not supported. All authentication must flow through your SAML IdP.
Roles
Four built-in roles. Users can’t interact with surfaces outside their role.| Role | Access |
|---|---|
| Buyers | Control Tower and supplier follow-up. No compliance or BOM risk data. |
| Planners | Risk Monitor and EOL tooling. No compliance outputs or follow-up queues. |
| Legal | Export compliance screener. Read-only audit log for compliance actions. |
| Security | Full audit trail and admin surface. No procurement data or AB outputs. |
Approvals
Some AB actions require human approval. Approvals are scoped to a specific action, time-bounded, revocable from your IdP at any time, and attributed in the audit log.Audit trail
Every action is attributed to a specific user identity. The log records authentication, access, approval, AB output, and administrative events — cryptographically chained in WORM format, exportable to your SIEM.See also
Security overview
Encryption, audit logging, and air-gap mode.
Air-gap mode
Zero internet egress for export-controlled environments.