SaaS
Licensed
RBAC
MFA
Audit
Multi-tenant Identity & Access Control for real products.
Auth0-style SaaS subscriptions + FusionAuth-style licensed deployments — with RBAC controls that scale cleanly from pilot to enterprise.
Policy-first plans (no hardcoded tiers)
Limits and entitlements are modeled as a policy surface so you can evolve pricing without redesigning the platform.
Strong security controls
MFA support vs MFA required, method controls (TOTP / SMS / Email), token/session posture, and auditability.
Enterprise-ready integrations
REST API access, high-performance RPC entitlements, external events/webhooks, and audit log export hooks.
BUILT LIKE A PLATFORM COMPANY
Limits, entitlements, and governance you can actually sell
TrueCaaS models the same dimensions buyers ask for: scale counts, MFA posture, API/RPC access, events, audit, and governance controls.
POLICY SURFACE
Capability & limit matrix
Everything is modeled in a way that avoids hardcoded tiers — upgrade plans without redesigning your system.
Core scale limits (counts)
Platform: Max tenants - Prevents cheap license abuse / runaway growth.
Tenant: Max environments - Natural isolation and pricing lever.
Environment: Max applications - Direct revenue driver.
Application: Max app users - Primary SaaS metric.
Application: Max roles - Controls RBAC complexity.
Application: Max privileges - Prevents RBAC explosion.
Tenant: Max tenant users - Controls admin sprawl.
Identity & security controls
Platform: MFA supported - Global capability gate.
Platform: MFA methods allowed - TOTP / SMS / Email controls.
Tenant: MFA required - Tenant policy enforcement.
Tenant: TOTP enabled - Preferred secure + low cost.
Tenant: SMS MFA allowed - Cost driver / premium feature.
Tenant: Email MFA allowed - Low-cost fallback.
Application: App-level MFA override - Enterprise feature granularity.
Application: Password-only users allowed - Low-tier convenience.
API & integration controls
REST API access - Core developer value.
gRPC / RPC entitlements - High performance / embedded usage.
External webhooks (events) - Integrations and automation.
Audit log export - Compliance + security operations.
SCIM / bulk provisioning - Enterprise identity lifecycle.
Rate limits (API / RPC) - Protects infra and prevents abuse.
Operational & governance controls
Data retention period - Compliance and cost control.
Audit log depth - Enterprise buyers ask for it.
Soft-delete retention - Ops recovery and safety.
Backup frequency (SaaS) - SLA tiers.
SSO enforcement (tenant-wide) - Security posture.
IP allowlisting - Enterprise hardening.
Custom domains - Branding and trust.
Custom JWT claims - Advanced app integration.
Token lifetime control - Security posture.
Session concurrency limits - Abuse prevention.
FAQ
Common questions
What buyers and engineers usually ask in the first call.