Most systems just lock the door. SIMEZU also wastes an attacker's time and records every move in a log you can verify end to end.
Trap endpoints and canary tokens that only an intruder would ever touch.
Suspicious clients slow down tier by tier: jitter, then delay, then a block.
Probe patterns, swarms and permission velocity, flagged in real time.
TOTP, rate limits and account lockout protect every sign-in path.
Allowlist trusted users and IPs, blocklist bad actors, and enforce policy per environment. A ban cascades across every connected app and group, so it sticks everywhere at once.
Restrict an environment to named users, teams or verified email domains.
Block users and IPs outright; every sign-in attempt is refused immediately.
A ban propagates to every connected app, app-group and platform group at once.
Forced login, access restriction and SSO scope, set independently per surface.
Authenticator-app two-factor, enforceable for admin and high-risk roles.
Per-IP and per-account throttling stops credential stuffing at the edge.
Repeated failures lock the account and notify the owner by email.
Asymmetric token signing with rotating public keys you verify locally.
Every action is HMAC-chained to the one before it. Change a single record and the chain breaks, so you always know the log is intact.
# each entry signed with the previous hash login.success user=4f9a prev=0a3c… token.issue actor=user prev=8b21… scope.grant app=simuze prev=c47e… chain verified ✓ 0 breaks

European infrastructure. GDPR by design. Your data stays yours.