Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.signalark.app/llms.txt

Use this file to discover all available pages before exploring further.

Signal Ark provides a set of security controls that let workspace Admins enforce authentication standards, manage programmatic access, and maintain a complete record of platform activity. Most security settings are available to all plan tiers; SSO enforcement is a Pro-tier feature.

Single sign-on (SSO)

Pro workspaces can require all team members to authenticate through your company’s Identity Provider (IdP) rather than using email and password. Signal Ark supports the SAML 2.0 standard and works with providers like Okta, Azure AD, Google Workspace, and any other SAML-compliant IdP.
1

Open SSO settings

Navigate to Settings > Security > SSO.
2

Add your IdP metadata

Paste your Identity Provider’s Metadata URL, or upload the XML metadata file directly. Signal Ark uses this to configure the SAML trust relationship.
3

Map required attributes

Map your IdP’s user attributes to Signal Ark fields. At minimum you need to map Email and Name. Optional attributes include department and job title.
4

Test the connection

Click Test SSO to verify the configuration with a test login before enforcing it for the whole workspace. Resolve any attribute mapping errors shown in the test result.
5

Enforce SSO

Toggle Enforce SSO to require all workspace members to authenticate via your IdP. After this toggle is enabled, email/password login is disabled for all non-Admin accounts.
Before enabling SSO enforcement, confirm that at least one Admin account is provisioned in your IdP. If your IdP becomes unavailable and SSO is enforced, Admins can still log in with email/password as a fallback — standard members cannot.

API key management

API keys let you connect Signal Ark to external tools, scripts, and automations using the Signal Ark API. Each key is scoped to your workspace and carries the permissions of the Admin who created it.

Generating an API key

1

Open API Keys settings

Navigate to Settings > Security > API Keys and click Generate New Key.
2

Name the key

Give the key a descriptive name that identifies what it’s used for (for example, “Zapier integration” or “Internal reporting script”).
3

Copy the key

Signal Ark displays the full key value once, immediately after creation. Copy it now and store it in a secrets manager — you won’t be able to view it again.

Rotating an API key

If a key may have been exposed or you’re rotating keys on a schedule:
  1. Navigate to Settings > Security > API Keys.
  2. Find the key you want to rotate and click Rotate.
  3. Signal Ark generates a new key value. Copy it and update your integration before the rotation window closes.
  4. The old key value is invalidated immediately when you confirm the rotation.

Revoking an API key

To permanently disable a key, click Revoke next to it in the API Keys list. Revocation is immediate and cannot be undone. Any integration using the revoked key will begin receiving 401 Unauthorized responses.
Review your active API keys periodically and revoke any that are no longer in use. Unused keys are an unnecessary attack surface.

Session and password policies

Admins can enforce workspace-wide security policies for non-SSO users under Settings > Security > Policies:
Automatically log out inactive users after a configurable period of inactivity. Set the timeout duration in minutes. Members are prompted to re-authenticate when the session expires.
Enforce minimum password length, complexity rules (uppercase, numbers, symbols), and a rotation period (number of days before a password must be changed).
Restrict Signal Ark access to a defined list of IP addresses or CIDR ranges — useful for requiring team members to connect via a corporate VPN. Add IP ranges under Settings > Security > Policies > IP Allowlist.

Audit trail

Every significant action in Signal Ark is recorded in an immutable audit trail — including data mutations, exports, configuration changes, login events, and security policy updates. The audit trail cannot be edited or deleted by anyone, including Admins.

Querying the audit trail

Navigate to Settings > Security > Audit Trail. Use the filters to narrow events by:
  • Categorydata_mutation, security, export, auth, billing, integration
  • Actor — filter by a specific team member’s email
  • Date range — specify a start and end date
  • Account — filter events related to a specific account record

What is logged

Event typeExamples
AuthenticationLogin, logout, failed login attempt, SSO enforcement change
Data mutationsAccount created, signal deleted, contact updated
ExportsData export triggered, GDPR portability request processed
Security changesAPI key generated/rotated/revoked, IP allowlist updated
BillingPlan upgraded/downgraded, credit pack purchased
IntegrationsCRM connected/disconnected, webhook created/deleted
Auditor-role users have read-only access to the audit trail and GDPR logs without access to account data — designed for compliance and security review workflows.