> ## Documentation Index
> Fetch the complete documentation index at: https://docs.binarly.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & compliance

> How the Binarly Transparency Platform handles deployment security, access control, authentication, and compliance certification.

## Isolated instances

Aside from [on-premises deployment](/user-guides/about/deployment-architectures/SaaS-vs-onprem), Binarly offers isolated instance deployments for customers requiring dedicated infrastructure. Each isolated tenant runs on dedicated compute and storage within its own cloud account or project, with complete data segregation.

Customer images are encrypted and stored in a unique object store bucket. Authentication is managed by a dedicated OIDC server within the isolated instance, and all database instances are unique to each tenant. Each customer receives a dedicated API URL with a randomly generated 8-character subdomain. Optional access for Binarly's Customer Success team requires 2FA and is used only for support purposes.

## Access control

### RBAC

Binarly provides organization management with granular role-based access control (RBAC). Administrators assign permissions to users based on their responsibilities, controlling access to features and data at the role level.

See [Roles](/user-guides/rbac/roles) and [User management](/user-guides/rbac/user-management) for configuration details.

### Authentication

#### 2FA

The Binarly Transparency Platform requires multi-factor authentication (MFA) for all logins.

#### Single Sign-On (SSO)

The platform supports SSO via SAML and OIDC, allowing organizations to integrate existing identity providers.

## Compliance

### SOC 2

Binarly holds [SOC 2 Type 2 certification](https://secureframe.com/hub/soc-2/what-is-soc-2). Compliance documents and reports are available at [trust.binarly.io](https://trust.binarly.io/).