Security and access

Manage account security and access on the Polyteia Platform.

The Polyteia Platform provides comprehensive login protection and a finely tuned permission system to ensure security. Access to every resource - whether it's a workspace, file, report, or dataset - requires an explicit invitation.

This approach may seem restrictive at first, but it provides full control over who can view or edit which information.

Login methods

The Polyteia Platform supports three secure login procedures:

| Method | Description | Setup required |
| --- | --- | --- |
| One-time code via email (OTP) | Default method – a 6-digit one-time code is sent to your email inbox every time you try to log in | |
| Password | Optional method – set a static password for your account | |
| TOTP (2FA) | Second factor via authenticator app (recommended) | |

Security recommendations

For optimal security, we recommend activating all options:

  • Password as an additional login method

  • TOTP for strong two-factor protection

This combination ensures that access remains protected even if one method is compromised.

TOTP authentication

TOTP (time-based one-time code) generates new access codes every 30 seconds through an authenticator app such as:

TOTP is considered particularly secure because:

  • Codes are generated offline on your device

  • Each code is only valid for a short time

  • Login without your device is not possible even if your password is stolen

You can activate TOTP under Settings → Account → Authenticator app.

Access control

The Polyteia Platform follows a strict invitation-based access model. A user account alone does not grant access.

Each resource requires explicit authorization. Examples:

| Action | Required Access |
| --- | --- |
| View workspace | Member of the workspace |
| Open solution | Member of the solution |
| Explore dataset | Role as Editor or Owner |

This model minimizes risks and meets data protection requirements.

The Polyteia Platform's role system enables precise access control at all levels:

  • Organization roles: Administrator and member roles for managing platform-wide settings

  • Resource roles: Viewer, editor, and owner roles for datasets, evaluations, and other resources

  • Sharing options: Grant access specifically to individuals or groups with appropriate permissions

Every action – whether viewing a chart or editing a dataset – is governed by roles. This implements the principle of least privilege and ensures traceability of all access rights.
