Security Admin

Read-only security & compliance posture: live runtime controls, the SOC 2 / ISO 27001 / NERC-CIP control catalog, and the crypto / secrets / data-residency configuration.

Live control posture

Desk membership

Which users belong to which trading desks, and in what capacity. Backs surveillance desk-attribution, per-desk Segregation-of-Duties, and the information barrier. Reads need governance:view; assign / remove need user:manage.

Pick a desk to view its members.

Crypto / secrets / residency

Non-secret configuration only: provider / backend names and enablement flags, never key material.

Control catalog (SOC 2 / ISO 27001 / NERC CIP)

Curated mapping of implemented platform controls to framework requirements, with honest maturity (implemented / partial / planned).

Enterprise SSO

Federated sign-in mints the same internal session as password login. SSO is configured via environment variables; their values are never echoed by any endpoint:

  • OIDC: Authorization Code + PKCE. Configured by ETRMI_OIDC_ISSUER / CLIENT_ID / CLIENT_SECRET / REDIRECT_URL. Endpoints: /api/auth/oidc/start, /api/auth/oidc/callback (public).
  • SAML 2.0: ACS at /api/auth/saml/acs. Configured by ETRMI_SAML_IDP_ENTITY_ID / SP_ENTITY_ID. XML-DSig signature verification is a deferred follow-up; until it lands the ACS fails closed by default, rejecting assertions rather than accepting them unverified.
  • SCIM 2.0: Provisioning at /scim/v2/Users, guarded by the ETRMI_SCIM_TOKEN bearer token. That token is Admin-equivalent and must be protected accordingly.
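The two request-side checks the OIDC and SCIM bullets depend on, written out as an added example (not the platform's own code): S256 PKCE per RFC 7636 with the state value bound to a one-time pending record, a fail-closed callback handler that rejects unknown or replayed state, and a constant-time bearer check of the kind the SCIM endpoint needs. The issuer, client id and redirect URL are passed as parameters rather than read from the ETRMI_* variables, the in-memory pending store and the `/authorize` path are assumptions, and the RFC 7636 Appendix B vector in the usage note is the only non-constructed value.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlencode

# Assumption: a process-local dict keyed by `state`; a deployment would use the
# session or cache backend so the record survives across workers.
_PENDING: Dict[str, Dict[str, str]] = {}


def _b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding RFC 7636 mandates for verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_challenge(verifier: str, challenge: str) -> bool:
    """What the authorization server checks at the token endpoint; constant-time compare."""
    return hmac.compare_digest(pkce_challenge(verifier), challenge)


def start_authorization(issuer: str, client_id: str, redirect_url: str) -> Dict[str, str]:
    """Build the redirect for the /start step: fresh verifier, state and nonce per attempt."""
    verifier = _b64url(secrets.token_bytes(32))   # 43 chars, within the 43..128 range
    state = _b64url(secrets.token_bytes(16))
    nonce = _b64url(secrets.token_bytes(16))
    _PENDING[state] = {"verifier": verifier, "nonce": nonce, "redirect_url": redirect_url}
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_url,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    # Assumption: the issuer exposes /authorize; real code takes it from discovery.
    return {"authorize_url": f"{issuer.rstrip('/')}/authorize?{urlencode(params)}", "state": state}


def handle_callback(state: Optional[str], code: Optional[str]) -> Optional[Dict[str, str]]:
    """Map a callback onto the token request it completes, or None (fail closed).

    Unknown state, missing parameters and replayed state all return None; the
    pending record is consumed on first use so a captured callback cannot be replayed.
    """
    if not state or not code:
        return None
    pending = _PENDING.pop(state, None)
    if pending is None:
        return None
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": pending["redirect_url"],
        "code_verifier": pending["verifier"],
        "expected_nonce": pending["nonce"],   # checked against the ID token's nonce claim
    }


def scim_authorized(authorization_header: Optional[str], expected_token: str) -> bool:
    """Bearer check for a static provisioning token: scheme must be Bearer, compare in constant time."""
    if not authorization_header or not expected_token:
        return False
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode("utf-8"), expected_token.encode("utf-8"))
```

The RFC 7636 Appendix B vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`, challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`) exercises `pkce_challenge` directly. Note that `handle_callback` consumes the pending record before any token exchange, so a second delivery of the same callback is refused even if the first exchange later fails; restarting the flow is the intended recovery.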