FOR IT LEADERS WHO CARE 
ABOUT THE PEOPLE BEHIND THE TECH

Staffbase is an enterprise-grade employee experience platform that ensures data integrity through ISO 27001, SOC 2 Type II, and TISAX certifications. The platform features secure global hosting on Microsoft Azure, advanced encryption in transit and at rest, and proactive threat protection via Staffbase Protect and a continuous Bug Bounty program.

Staffbase Employee AI is compliant with the EU AI Act. We use secure, isolated environments where your prompts and data are never used to train public LLMs. IT admins maintain total control with the ability to toggle AI features and ensure all outputs align with your internal verified "Source of Truth."

Read the IT leader’s guide on Employee AI here.

We support SAML 2.0 and OpenID Connect (OIDC) for seamless integration with Azure AD (Entra ID), Okta, Google, or any other identity provider that supports one of these standards. Regarding device and application management, Staffbase incorporates the Microsoft Intune App SDK and MSAL, enabling customers to secure the Employee App via both MDM and MAM for company-owned and private (BYOD) devices. This integration allows administrators to increase security by applying granular policies such as PIN requirements, screenshot prevention, and restricted data sharing to protect corporate information without requiring full device enrollment. By leveraging these capabilities, organizations can enforce Conditional Access and selectively wipe corporate data, ensuring a secure, compliant mobile experience across all managed and unmanaged endpoints.

Staffbase secures your distributed workforce by using flexible permission structures that grant access without requiring corporate email or individual licenses. Authentication is handled via Employee IDs or QR codes with support for Multi-Factor Authentication (MFA) and Passkeys. Security is managed through a tiered system of system-wide, space-wide, and content-specific roles. This allows for granular control where users are only targeted with content—such as news channels, pages, or plugins—relevant to their specific role, location, or department, while administrative rights are strictly delegated to only the necessary areas of the platform.

• Authentication & Session Security: Staffbase supports SAML 2.0/OIDC SSO (e.g., via EntraID, Okta) and local credentials with Passkey/MFA support. Governance is enforced via IDP-level Conditional Access Policies, while local sessions are managed via configurable lifetime limits, session concurrency, and custom password complexity policies that can be configured by system admins.

• Role-Based Access Control (RBAC): Granular authorization is managed through four system-wide roles (User, Editor, Managing Editor, Admin). While these roles are assigned manually in the Studio or via User API, granular Space and Group permissions allow for delegated, local administration without compromising global security.

• Content Governance & Targeting: Visibility is controlled at the element level (News, Pages, Widgets) using Groups and Spaces. Group memberships are managed via Groups API, SCIM Groups, or attribute-based rules. These attributes can be synchronized via CSV, User API, SCIM, or SSO Claims, allowing for dynamic, attribute-based access control (ABAC).

• Auditability & Integration: System integrity is maintained through User Changelogs, which provide a forensic trail of profile changes, and Page Versioning, which allows for tracking and auditing all content revisions. For automated Usermanagement/Workflows, Service Accounts (API Tokens) allow for secure, non-personal integration management.