System & Access Control
Database-per-tenant isolation with triple-factor sessions.
This is true isolation, not row-level multi-tenancy. Each request resolves a tenant from its domain and switches to that tenant's own physical database, then filters every query by branch — and resellers add a third scoping dimension. Around 1,600 tenant databases run this way.
Sessions are bound three ways: two identity cookies plus the User-Agent are all validated against a server-side tracer on every request, so a stolen cookie alone fails — the IP and device must match too, and admins can force-logout any session. Six purpose-built authorization filters guard different domains (admin, company control-plane, client portal, client API, bandwidth reseller, MAC-admin JWT), and the user-type string itself encodes both role and tenant — the prefix selects the security path, the suffix selects the row.
What you can do
- Database-per-tenant by domain (~1,600 physical DBs)
- Branch + reseller query scoping on top
- Triple-factor sessions (cookie + IP + User-Agent)
- Force-logout any active session
- Six purpose-built authorization filters
- Per-reseller menu permission mapping
Capabilities
See exactly what ISP Digital recovers for your ISP.
Book a 30-minute demo. We'll map your billing, network and accounting onto the platform and show you the numbers — no obligation.