Security
Authentication, authorization, and data protection for HotCRM administrators.
HotCRM implements a comprehensive security model built on the ObjectStack Protocol's security layer. This guide covers the key security areas administrators need to configure and maintain.
Authentication
HotCRM supports multiple authentication methods:
- Local Authentication — Username and password with configurable password policies
- OAuth 2.0 / OpenID Connect — Integration with identity providers (Google, Azure AD, Okta)
- SAML 2.0 — Enterprise SSO for large organizations
- API Keys — For service-to-service and integration authentication
Authorization Model
Access control is enforced at multiple levels:
Object-Level Security
Control which users can access specific business objects (e.g., Opportunity, Contract).
Field-Level Security
Restrict visibility of sensitive fields (e.g., salary information in HR, deal amounts in Sales).
Record-Level Security
Define who can view, edit, or delete individual records based on:
- Ownership — Record owner and their role hierarchy
- Sharing Rules — Organization-wide defaults and explicit sharing
- Team Access — Collaborative access for opportunity and account teams
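The following is an added illustration of how the three layers above combine, written for this page rather than taken from HotCRM or the ObjectStack Protocol: the role hierarchy, org-wide defaults, field-level hidden sets, object names and user names are all constructed sample policy, and the function names are hypothetical. An object-level deny always wins; record-level rules (ownership, role hierarchy, org-wide default, team access, explicit sharing) then decide visibility; field-level security masks fields on whatever is returned.

```python
from dataclasses import dataclass, field

# Constructed sample policy for a hypothetical deployment (not HotCRM's real configuration).
ROLE_PARENTS = {"sales_rep": "sales_manager", "sales_manager": "vp_sales", "vp_sales": None}
ORG_WIDE_DEFAULT = {"Opportunity": "private", "Contract": "read"}   # org-wide default per object
FIELD_LEVEL_HIDDEN = {"sales_rep": {"Opportunity": {"amount"}}}      # role -> object -> hidden fields

@dataclass(frozen=True)
class User:
    name: str
    role: str
    object_perms: dict      # object -> actions the profile allows, e.g. {"Opportunity": {"read"}}

@dataclass
class Record:
    obj: str
    owner: User
    team: set = field(default_factory=set)         # opportunity/account team members (read access)
    shared_with: set = field(default_factory=set)  # explicit sharing grants (read access)
    data: dict = field(default_factory=dict)

def is_above(manager_role: str, role: str) -> bool:
    """True if manager_role sits anywhere above role in the role hierarchy."""
    while role is not None:
        role = ROLE_PARENTS.get(role)
        if role == manager_role:
            return True
    return False

def can_access(user: User, rec: Record, action: str) -> bool:
    """Layered check: object-level permission first, then record-level rules."""
    if action not in user.object_perms.get(rec.obj, set()):
        return False                                   # object-level deny wins
    if rec.owner.name == user.name or is_above(user.role, rec.owner.role):
        return True                                    # ownership and role hierarchy
    owd = ORG_WIDE_DEFAULT.get(rec.obj, "private")
    if owd == "read_write" or (owd == "read" and action == "read"):
        return True                                    # org-wide default
    if action == "read" and (user.name in rec.team or user.name in rec.shared_with):
        return True                                    # team access / explicit sharing
    return False

def view(user: User, rec: Record):
    """Return the record with field-level masking applied, or None if not visible."""
    if not can_access(user, rec, "read"):
        return None
    hidden = FIELD_LEVEL_HIDDEN.get(user.role, {}).get(rec.obj, set())
    return {k: ("***" if k in hidden else v) for k, v in rec.data.items()}
```

Note that the owner of a record still sees masked fields when field-level security hides them for their role, while a manager above the owner in the hierarchy sees the full record.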
Data Protection
| Feature | Description |
|---|---|
| Encryption at Rest | All sensitive data encrypted in the database |
| Encryption in Transit | TLS 1.3 for all API communications |
| Audit Trail | Complete history of data changes with user attribution |
| Data Masking | Configurable field masking for PII and sensitive data |
Security Best Practices
- Principle of Least Privilege — Grant only the minimum permissions required
- Regular Access Reviews — Audit user permissions quarterly
- Strong Password Policies — Enforce complexity, rotation, and MFA
- API Security — Rotate API keys and use scoped tokens
Related Resources
- Security Protocol (Architecture) — Technical deep-dive into the security model
- Users & Permissions — Practical user management guide