Authentication & Access Control Overview
CRYMBO Connect provides a secure, modular, and flexible authentication and access control system, designed to serve the needs of businesses, institutions, financial operators, and end-users within regulated environments.
Authentication is the first security layer, ensuring that only verified identities and properly authorized users can access operational, compliance, and financial tools.
Key Concepts
- Email & Password Authentication
  Standard login for web users, secured by optional MFA (Multi-Factor Authentication).
- Server-to-Server Authentication
  Secure OAuth2-based authentication for API clients and institutional integrations.
- Guest Access
  Limited-access onboarding for unverified users, with upgrade flow after KYC/KYB.
- Role-Based Access Control (RBAC)
  Fine-grained permissions based on roles like Admin, Compliance Officer, Institution Operator, and End-User.
- Multi-Factor Authentication (MFA)
  OTP (One Time Password) via email, SMS, or authenticator apps for additional security layers.
- Single Sign-On (SSO) (optional - future support)
  Integrate enterprise identity providers for corporate customers.
- OAuth2 Token Management
  Used for secure session management and API integrations.
- Audit Trails
  All authentication events are logged for security audits and compliance.
Supported Authentication Types
Method | Description |
---|---|
User Portal Login | Secure user login via the Connect web interface |
Institution API Authentication | OAuth2-based API token for backend-to-backend communication |
Guest User Access | Temporary, limited access for unverified accounts |
SSO Authentication (Future) | Integration with corporate identity providers |
Why It Matters
A strong authentication and access control layer is fundamental to ensuring:
- Regulatory compliance with KYC, KYT, and AML standards
- Financial transaction integrity
- User data privacy and protection
- Reduced operational risks for institutions and operators
CRYMBO Connect’s authentication services are engineered to meet both today’s digital asset compliance standards and tomorrow’s evolving regulations.