Security & Operations

Access you can govern. Data you can see.

One of our largest, most regulated clients called us "the most technological vendor we have" — and their security and IT teams tell us we're easy to work with. We treat that as an obligation. We started by protecting our own core features; today Portium protects the institution's whole interaction with the internet, with nothing to install — only approved sites are reachable through our proxy, and every file your users upload is governed by the policies you set.

A vendor security assessment spreadsheet — Portium verifies every control (questionnaires, meetings, encryption, SSO + MFA, penetration testing, secure development, ISO 27001 / SOC 2 / HIPAA), the residual risk falls to Low, and the assessment is stamped Approved.
A clinician inside the hospital network uploads a file on a publisher site; Portium monitors it and forwards it to the security department for review, with an update promised within 24 hours.
A manager signs in to their institution on the Portium login page and completes a two-factor one-time code — a two-step verification lock closes as access is granted.

Not just a proxy — a data-leak protector

Portium doesn't only let the right people in — it watches what goes out. Every file a user uploads from inside the institution is gated and inspected before it can leave, so sensitive data never slips out to the open internet.

Inside the hospital network, a clinician uploads a file on a publisher site; Portium gates and inspects it, finds sensitive information, and forwards the request to the security department for approval before anything leaves the organization.

Files never leave the organization without approval.

1 · Upload

A clinician uploads a file.

2 · Scan

"Please wait, we scan."

3 · Routed

"Some sensitive information was found. Your request and file were sent to the security department, and we'll update you once it's approved."

Good to know

It's held before it ever leaves the institution. Portium routes the upload and the file to your security department for review, and the user is told their request was received and will be approved once it's cleared — nothing leaves the institution until then.

Every action, logged and managed

Every action — across the proxy, identity, authentication and admin layers — is written to the system log with its timestamp, severity, component, module, function, user and IP. When an alert comes in, filter the logs by the source IP and the whole trail is right there. No function is left without a log.

Good to know

Every action across the proxy, identity, authentication and admin layers is logged, and each entry carries a timestamp, severity, component, module, function, the user, and the source IP. No function runs without a log.

Audited and compliant

ISO 27001 · RvA management system · HIPAA · SOC 2 Type II (AICPA SOC)

ISO 27001 · HIPAA · SOC 2 Type II — audited by KPMG.

Security that goes beyond access

From the first vendor-assessment meeting to the way we build and run the product — security is the whole engagement, not a single feature.

  • We come to the table: live security-review meetings, every document and questionnaire your team needs, and vendor-assessment spreadsheets filled in with you — whatever procurement and security need to say yes.

Meetings & institutional agreements

Good to know

Yes. We come to the table with live security-review meetings and fill in your vendor-assessment questionnaires and spreadsheets with you, so procurement and security get everything they need to approve.

One platform to govern every identity — automated, managed, compliant

  • Automated: Joiners, movers and leavers flow from your HR/SIS — access is never late, never orphaned.
  • Managed: We tailor the connectors and role model to your institution, then run it for you.
  • Compliant: ISO 27001, SOC 2 Type II and HIPAA; GDPR-aligned and encrypted end to end.

Identity and access is the kind of system that should never be improvised — and it's what Portium already runs for your institution every day. The full lifecycle of every identity is automated: people are onboarded, moved and offboarded straight from your authoritative systems, provisioned into your directories, and signed in through standards-based single sign-on and MFA — so access is never late and never lingers. Roles and attributes hold everyone at least-privilege, certification campaigns prove access stays appropriate, and every action is written to a revision-safe audit trail. It's ready for the regulators — ISO 27001, SOC 2 Type II and HIPAA, GDPR-aligned, encrypted end to end — and it's built to your principles: Portium answers to your institution, with no backdoors and your data kept where your policy and region require. And it's easy, because it's managed: we tailor the deployment, the connectors and the role model to your institution in the onboarding agreement, then run it for you. Everything an institution's identity and access platform must do, in one place:

Portium IAM governance: access granted by role (least-privilege), a self-service request approved while a second is blocked for a Segregation-of-Duties toxic combination, a quarterly certification campaign, a revision-safe audit trail filtered by IP and streamed to the SIEM, and the compliance close — ISO 27001, SOC 2 Type II, HIPAA and GDPR.

How it works, end to end

Identity lifecycle

  1. Authoritative HR / SIS sources: Your HR and Student Information System become the source of truth — Banner, SAP HCM / SuccessFactors and the like drive every change.
  2. Identity lifecycle — Joiner, Mover, Leaver: Onboarding, role changes and offboarding are automated from events in your authoritative systems — so accounts are never late and never orphaned.
  3. Automated provisioning & de-provisioning: Accounts and entitlements are created, updated and revoked downstream automatically — delta-based, with retry and self-healing when a system is briefly unavailable.
  4. Directory & cloud integration: Native, event-driven provisioning into Active Directory, LDAP, Microsoft Entra ID / Azure and Google Workspace, kept in sync.
  5. Login-name & email generation: Deterministic usernames and email addresses per your naming conventions, with collision handling, as accounts are provisioned.

Access & authentication

  • SSO, MFA & federation: Standards-based single sign-on (SAML 2.0, OIDC), multi-factor authentication, and federation — Shibboleth, SURFconext, Entra, Okta, Duo. Portium acts as both identity and service provider.
  • RBAC & ABAC access models: Grant access by role and by attribute, layered business → IT → meta roles, for consistent least-privilege across the institution.
  • Access requests, approvals & SoD: Self-service access requests routed through approval workflows, with Segregation-of-Duties rules that block toxic combinations of entitlements.
  • Access certification (attestation): Periodic recertification campaigns where managers re-confirm who has access to what — and revoke what's no longer justified.
  • Role management & role mining: Design, maintain and discover roles from real access patterns, so role-based access stays maintainable at tens of thousands of identities.
  • Privileged Access Management: Extra governance for admin accounts — vaulting, just-in-time elevation and session oversight for the highest-value targets.

People & self-service

  • External & guest identities: Govern partners, guest researchers, contractors and visitors who have no HR record — sponsored, time-bounded, with automatic expiry.
  • Self-service & delegated admin: Password reset, profile and access-request portals, plus delegated administration so local teams manage their own scope — and the help desk sheds load.

Audit & monitoring

  • Revision-safe audit & reporting: Tamper-evident logs of every identity and access event, retained per policy, with reporting and usage statistics — GDPR-compliant.
  • SIEM integration & monitoring: Stream security events to your SIEM, such as Microsoft Sentinel, with health-checks and monitoring endpoints for operations.

Platform & operations

  • Open APIs & protocols: REST and SCIM for provisioning, SOAP / SPML where legacy systems require it, plus graph and directory APIs — so it connects to your whole stack.
  • Deploy your way: Cloud, on-premises or hybrid, with EEA or on-prem data-residency, multi-zone topology, redundancy and self-healing.
  • Enterprise security, certified: Encryption in transit and at rest, WAF and DDoS protection, regular penetration testing — ISO 27001, SOC 2 Type II and HIPAA.
  • Proven at scale: Tens of thousands of identities across distributed sites, without degradation.
  • Long-term support & SLAs: Maintenance, bug-fixing and security patching under defined SLAs — for the life of the system, not just go-live.

Good to know

A complete Identity & Access Management (IAM) and Identity Governance & Administration (IGA) platform. Beyond connecting your users to research resources, it governs identity for the whole institution — lifecycle, provisioning, SSO and MFA, role- and attribute-based access, certification and audit — in one managed system.

Portium for every team

Talk to us about your security requirements

Sign up for a free trial