Security Platform · 2025
Citadel — enterprise identity vault
Zero-trust identity vault for enterprises, replacing legacy LDAP with WebAuthn-first auth and JIT access.
- Client: Citadel IAM
- Industry: Identity · Access Management
- Duration: 20 weeks
- Year: 2025
- Tags: Zero-trust · SCIM · WebAuthn
sec.citadel / audit-report
Hardening report: All severities closed (Pass)
- Critical: 0
- High: 0
- Med: 0
- Low: 0
Finding status: Fixed, Fixed, Patched, Enforced
Fig. 01 — Production UI · 2025 · Citadel IAM
- Year: 2025
- Category: Security Platform · 2025
- Stack: Zero-trust · SCIM · WebAuthn
Scope
- Zero-trust architecture
- WebAuthn + passkeys
- SCIM provisioning
- JIT elevation flow
- Audit log lineage
The challenge
What they needed to solve.
Enterprise security teams couldn't audit privileged access in real time. LDAP creds floated for years. JIT was theoretical.
Our solution
How we approached it.
WebAuthn-first vault, SCIM auto-provisioning, JIT elevation via Slack with auto-revocation, full audit lineage.
Web design
Design decisions.
Palette
#0d1117
#1c2128
#e0622a
#79c0ff
#10b981
Typography
- Inter — UI
- Geist Mono — tokens
- IBM Plex Sans — admin
Layout system
Dense audit tables, command-palette JIT requests, severity-tinted rows.
Design highlights
- JIT requests via Slack slash command
- Passkey-only login
- Per-event audit replay
Before · After
What changed.
sec.citadel / audit-report
Audit findings: 0 of 12 remediated (Fail)
- Critical: 3
- High: 4
- Med: 3
- Low: 2
Finding status: Open, Open, Open, Open
Fig. 02 — Drag handle to reveal before / after · Citadel IAM
Before: LDAP-based, stale creds, manual audits, MFA via SMS.
- Privileged creds: 1,240
- Audit prep: 5 days
- Phishing rate: 8.2%
- MFA coverage: 62%
After: WebAuthn vault, JIT elevation, passkey-only, full lineage.
- Privileged creds: 108
- Audit prep: 4 hrs
- Phishing rate: 0%
- MFA coverage: 100%
Results
What we measured.
01 Privileged creds reduced 91%
02 Audit prep down to 4 hrs
03 Phishing-resistant MFA on 100% of ops
04 Zero breach in 18 months