Enterprises evaluate on governance first
In an enterprise evaluation, governance is rarely the headline feature, but it is the gate. Security wants SSO and a complete audit trail. Compliance wants retention, exports, and read-access tracking. Procurement wants governance that comes with the platform, not bolted on afterward.
SaaS commerce suites put SSO behind a tier upgrade, treat audit as a third-party integration, and call role checkboxes "access control". Vendure ships SSO, audit, and row-level access as first-class plugins on the same platform that runs the catalogue, orders, and pricing.
Access control and governance, in one platform
Roles and permissions are built in. SSO, audit logging, and row-level access extend them as first-class plugins, on the same identity layer, event bus, and dashboard.
Roles, permissions, and identity
Role-based access control with granular permissions enforced on every API operation, channel-scoped roles, and a pluggable authentication strategy — in the open-source core.
Enterprise SSO
SAML 2.0 and OIDC for admin and storefront. Auto-provision accounts on first login, map IdP roles to Vendure roles, and deprovision through SCIM when people leave.
Audit logging
Entity changes, login events, and optional read-access tracking. Sensitive fields are redacted before they hit the log. Configurable retention, scheduled exports.
Row-level access control
Policy-based filtering at the query layer, applied automatically across the admin API and your custom resolvers. Conditions read the active administrator, so policies adapt per request.
One platform, one admin API, one event bus
All three plugins run inside the same application that runs your commerce. SSO sessions feed the audit trail, and row-level policies read the same identity your SSO establishes.
One runtime, no bolt-on glue. Configure everything in one place, version it in Git.
What this combination unlocks in practice
The plugins compose. Audit pulls actor identity from SSO, and row-level policies scope what those identities can read. The audit trail records who changed what and when, with the redacted before-and-after of every change.
Trusted by complex B2B commerce and enterprise retail.
What security, compliance, and procurement teams ask
The questions that come up in evaluations led by CISOs, compliance officers, and procurement.
Part of a wider enterprise feature set
Governance and compliance is one of five enterprise capability areas in Vendure, alongside B2B workflows, pricing and promotions, search and discovery, and operations and automation.



