SSO, fine-grained access control, immutable audit trails, and branch-level isolation come standard in Nordite - not gated behind an enterprise tier or a separate add-on. For organisations with specific data residency requirements, self-hosted and managed deployment options are available.
Nordite runs as a fully managed SaaS. For teams with specific infrastructure or residency requirements, we also offer managed private deployment.
We run the infrastructure. You get a fully managed, always-current deployment with no ops overhead. Data is isolated per tenant, encrypted at rest and in transit, and never shared across accounts.
For organisations with specific data residency or network requirements. We deploy and manage Nordite in your cloud account or private infrastructure. Same product, your environment.
Fine-grained permissions at every level of the model: tenant, project, branch, module, and individual cell.
Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC identity provider. Auto-provision users from IdP groups with claim-based role mapping. No separate user database to maintain.
Custom roles with granular permissions: viewer, contributor, planner, modeller, admin. Define which roles can read, write, approve, or administer each project. Role inheritance from tenant to project to branch.
Every planning scenario lives in its own versioned branch. Access control applies at the branch level: analysts see draft branches, executives see approved baselines, nobody sees what they shouldn't.
Restrict which dimension items specific users can see. A German regional manager sees only EMEA data. A product-line director sees only their category. Enforced at the data layer, not the UI layer.
Time-limited, audited emergency access tokens for incident response. Every use is logged, notified, and automatically revoked after a configurable window.
Scoped API keys with per-endpoint permissions. MCP access controlled per user via role membership. External MCP servers governed by tenant feature flags with call budgets.
Every cell write, formula change, dimension edit, lifecycle transition, and action execution is recorded with timestamp, user identity, and before/after values. No change is anonymous. No change is silent.
Audit logs are immutable. They cannot be altered or deleted by any user, including administrators. Retention policies are configurable per tenant (default 90 days, extendable).
Multi-stage approval chains for model changes, data submissions, and plan locks. Approvers receive notifications. Rejections include required reasoning. The full approval history is part of the audit record.
S&OP cycle management built in: define planning cycles, lock submissions by deadline, track sign-offs by department. The platform knows who approved what and when.
Working with select organisations in pilot