| Feature | Implementation | | :--- | :--- | | | LDAP, Active Directory, SAML 2.0 (Okta/Azure AD), X.509 Certificates | | MFA | Time-based OTP (TOTP) or hardware tokens | | Granular Permissions | Per-folder read/write/delete/list; IP whitelisting; time-based access windows | | Session Management | Automatic timeout, concurrent session limits, and forced re-authentication for privileged actions |