Security

Security that fits your stack.

Thirdlane is built for service providers and enterprise IT, where security and compliance posture is set by the customer — not the vendor. SSO with your identity provider, encryption at rest and in transit, an integrated SBC, and per-tenant policy enforcement.


Identity & access

SSO and directory sync against the identity systems you already operate.

OIDC single sign-on

Sign in with any OIDC-compliant identity provider — Okta, Azure AD, Google Workspace, Keycloak, Authentik, and others. Works for both Configuration Manager (admin) and Thirdlane Connect (end user).

Multi-factor authentication

MFA enforced through your identity provider so policies for Thirdlane match your existing enterprise security posture.

Directory sync

Automated user provisioning from Azure AD, Okta, and LDAP. Configurable attribute mapping, test connection, and one-way sync where the directory is the source of truth.

Provider auto-discovery

Mobile Connect login auto-discovers the SSO provider from the tenant server, including Google and Microsoft sign-in.

Data protection

Credentials, recordings, and transcripts are protected at rest and in flight, with redaction in the places your support team and your own tooling actually touch.

Credential encryption at rest

Provider credentials, trunk passwords, integration secrets, and tenant configuration data are encrypted at rest with masked UI fields.

Hardened logging

Sensitive values are redacted from server logs, network traces, and exported diagnostics — across web, desktop, and mobile.

Strengthened password hashing

Modern password hashing with credential protection across the platform. PIN inputs (voicemail and otherwise) are masked in the UI.

Secure session management

Token-based reconnection, short-lived sessions, and explicit revocation paths. Reduced sensitive-data exposure in storage and during transport.

S3 storage encryption

Recordings, voicemail, and transcripts in S3 storage carry the encryption properties of the bucket — Thirdlane integrates with bucket-level KMS keys.

Network & voice security

Voice-specific protections that shift work off your platform team and into the platform itself.

Integrated SBC

Session border control runs alongside the PBX core for SIP signaling normalization, topology hiding, and policy enforcement at the network edge.

STIR/SHAKEN

Caller-ID attestation for outbound calling under regulatory regimes that require it. Per-tenant configuration of attestation level and authentication.

Media encryption

SRTP for voice, DTLS for WebRTC media, with improved DTLS negotiation for complex NAT scenarios.

TLS for SIP

Encrypted SIP signaling between phones, the platform, and trunks. Let’s Encrypt automation for tenant-hosted certificates.

Tenant isolation

Per-tenant dial plans, extensions, voicemail, recordings, and admin scope — no cross-tenant data leakage by design.

Operational controls

Activity log

Routing conditions, emergency locations, agents, pickup groups, parking lots, widgets, tags, locations, and webhooks all carry change-tracking activity logs for audit and rollback.

API access controls

API keys are scoped per tenant with rotation and revocation. HTTP Basic Auth and session cookies are also supported and individually controllable.

Configurable retention

Voicemail, recording, and transcript retention is configurable per tenant. Policy-based recording rules drive which calls are captured.

Deployment models that match your security posture

Where the platform runs is itself a security choice. Thirdlane offers three:

  • Multi-tenant platform — you operate the platform on your infrastructure (on-prem, your VPC, your DC). All data and credentials live where your security team controls them.
  • Dedicated deployment — single-tenant install for organizations that need isolation by design, including for regulatory reasons.
  • Thirdlane Cloud — Thirdlane operates the platform; available to channel partners under early access.

Walk through the security model.

Talk to our team about identity, encryption, retention, audit, and the deployment model that fits your environment.