Access Control

Network-layer security controls. WAF rules guard the perimeter; Authorized API Sources gates which IPs can reach non-portal endpoints.

WAF Policy
Azure Front Door WAF mode (Detection / Prevention), custom rules, and the UI protection toggle. Perimeter defence at Front Door.

Authorized API Sources
Per-scope IP allowlists for non-portal API consumers (HCM webhooks, manager email links, monitoring tools, per-tenant ingest). Default deny when STRICT_AUTH_ENABLED is on.