System Access – Environment Authentication Protocols

Subject: Secure Access & Sovereign Portal Navigation Scope: Client Entry for TTS Sentinel, Guardian, and Pulse Module: TTS Infrastructure Control

6.1 Centralised Sovereign Portal

All TTS products are hosted within a Sovereign Cloud Environment, accessible via a unified entry point. This architecture ensures that regardless of which module is being utilised, the security perimeter and data sovereignty protocols remain consistent. Clients must navigate to the specific, unique URL provided during the final stage of their technical implementation.

6.2 Authentication & Identity Management

Access is strictly governed by Role-Based Access Control (RBAC). To initiate a session, the system requires dual-vector identification:

• Primary Identifier (Username): The user’s registered corporate email address, which must be whitelisted within the company’s "Authorised User" table.
• Secondary Identifier (Password): A secure, system-generated alphanumeric string provided during the Onboarding cycle.

Note: For Enterprise clients, the site supports Integration with existing SSO (Single Sign-On) providers such as Azure AD or Okta, allowing for seamless identity federation.

6.3 Login & Session Initiation Procedure

1. Environment Navigation: Navigate to the provided TTS Sovereign Portal URL. Ensure the connection is secured via TLS 1.3.
2. Identity Verification: Input the whitelisted Username into the identification field.
3. Credential Submission: Input the Password or utilize the connected SSO prompt.
4. Session Handshake: Select "Login" to initiate the encrypted session. The site will perform a momentary security handshake to verify the device's posture before granting access to the dashboard.

6.4 Module Authorisation & Session Persistence

Once authenticated, the site dynamically renders only the specific modules (Sentinel, Guardian, or Pulse) associated with the client's active Pilot or Managed Operations licence.

• Session Limits: To maintain security rigour, sessions automatically expire after 12 hours of inactivity.
• Credential Recovery: In the event of forgotten credentials, users should not attempt multiple forced logins. Contact Scott Simmons directly for a manual cryptographic reset to prevent account lockout.

6.5 Security Governance

Every login attempt, successful or otherwise, is recorded in the Sovereign Audit Log. This log captures the IP address, timestamp, and device metadata, providing a transparent record for internal compliance audits.

Updated on: 29/01/2026