Security Dashboard

medium complexity MVP extracted Security & Audit Confidence: 100%

Components

Shared

User Stories

Yes

Analyzed

Description

The Security Dashboard provides organization administrators with a centralized view of security-related events across their tenant, surfacing authentication anomalies, failed login attempts, suspicious access patterns, and system-level events in near-real time. It enables proactive threat detection so administrators can respond to potential breaches before they escalate. The dashboard also makes Global Admin time-bounded support-access sessions immediately visible and auditable, reinforcing the platform's strict tenant isolation model.

Sources & reasoning

The blueprint marks this feature MVP under admin-security. The source doc establishes that Global Admin support access must always be logged and visible to the organization - a security dashboard is the natural admin surface for that visibility. The strict tenant isolation model described throughout the doc requires a dedicated place for admins to monitor security events within their organization.

No source references — this artifact was included based on reasoning alone (see above).

Analysis

Business Value

Security visibility is critical for organizations handling sensitive data about vulnerable individuals. The Security Dashboard enables admins to monitor their tenant's security posture without requiring database or log file access. By surfacing suspicious events in an accessible UI it reduces breach response time and supports GDPR compliance. For organizations like Blindeforbundet handling encrypted personal health data, real-time monitoring is a legal obligation. The dashboard makes time-bounded Global Admin support sessions visible and auditable by default, reinforcing strict tenant isolation and giving organizations confidence that external access to their data is always traceable and accountable.

Implementation Notes

Implemented as a Next.js server-rendered admin portal page querying the Security Event Service for aggregated event data. The service reads from the audit_logs table, filtering by event_type categories such as authentication failures, session anomalies, and privilege escalations. Charts and counters use a lightweight visualization library with optional client-side polling for near-real-time updates. Access is restricted to Organization Admin and Global Admin roles via Role Guard middleware. All queries are scoped to the requesting user's tenant to enforce multi-tenant isolation. This is an admin-portal-only feature; the Flutter mobile app has no access to this surface.