Security
Waqti implements enterprise-grade security measures to protect your procurement data.
Authentication
Password Requirements
- Minimum 8 characters
- Must include uppercase and lowercase letters
- Must include numbers and special characters
- Password history enforcement (cannot reuse last 5 passwords)
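The rules above, written out as a server-side check. This is an added example, not Waqti's code: the PBKDF2 hashing, its round count, and the use of Python's `string.punctuation` as the set of special characters are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import os
import string
from typing import Optional

MIN_LENGTH = 8            # "Minimum 8 characters"
HISTORY_DEPTH = 5         # "cannot reuse last 5 passwords"
PBKDF2_ROUNDS = 600_000   # assumption: hashing scheme is not stated on the page
Entry = tuple[bytes, bytes]  # (salt, digest) for one past password


def hash_password(password: str, salt: Optional[bytes] = None) -> Entry:
    """Return (salt, digest); every history entry keeps its own random salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def policy_violations(password: str, history: list[Entry]) -> list[str]:
    """Check a candidate against the listed rules; history is ordered oldest-first."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):  # assumed "special" set
        problems.append("no special character")
    # Only hashes are stored, so re-hash the candidate under each stored salt
    # and compare digests in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches one of the last 5 passwords")
            break
    return problems


def record_password(password: str, history: list[Entry]) -> list[Entry]:
    """Append the accepted password's hash and keep only the last 5 entries."""
    return (history + [hash_password(password)])[-HISTORY_DEPTH:]
```

Because history entries are salted hashes, the check can only detect exact reuse; a password that differs by one character from an old one passes the history rule.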
Session Management
- Automatic session timeout after 30 minutes of inactivity
- Single session per user (optional)
- Secure session tokens with encryption
Two-Factor Authentication (2FA)
Waqti supports TOTP-based two-factor authentication for enhanced security.
Enabling 2FA
- Go to Settings → Profile
- Click Enable Two-Factor Authentication
- Scan the QR code with your authenticator app (Google Authenticator, Authy, etc.)
- Enter the 6-digit code to verify
- Save your recovery codes in a secure location
Row-Level Security (RLS)
Waqti implements PostgreSQL Row-Level Security to ensure complete data isolation between tenants.
How It Works
- Each tenant has a dedicated schema in the database
- RLS policies enforce that users can only access data within their tenant
- Even database administrators cannot accidentally access other tenants' data
Audit Logging
Every action in Waqti is logged with:
- Timestamp
- User ID
- IP Address
- Action type
- Before/after values for data changes
Accessing Audit Logs
- Go to Settings → Audit Log
- Filter by date range, user, or action type
- Export logs for compliance reporting
SOCPA Compliance
Waqti is designed to meet Saudi Organization for Chartered and Professional Accountants (SOCPA) requirements:
- Complete audit trail for all financial transactions
- Document retention policies
- Role-based access controls
- Segregation of duties enforcement
Data Encryption
At Rest
- All data encrypted using AES-256
- Encryption keys managed via a secure key management service
In Transit
- TLS 1.3 for all connections
- HTTPS enforced on all endpoints
- Certificate pinning for mobile apps
SSO Integration
Waqti supports enterprise SSO via:
- SAML 2.0
- OAuth 2.0 / OpenID Connect
- LDAP/Active Directory
See Integrations for setup instructions.