Module 01 — Platform

The foundation
every shop trusts.

Multi-tenant isolation, role-based access, SSO, and an immutable audit trail. Every action is logged, every user is scoped, and every tenant's data stays theirs alone.

Platform architecture blueprint
Core Capabilities

Built for shops that
can't afford a breach.

Every capability is designed around data isolation and compliance — the kind of foundation that lets you pass audits without scrambling.

01
Multi-Tenant Isolation
Every tenant's data is fully isolated at the database level. Row-level security ensures no cross-tenant data leakage — ever.
02
Role-Based Access Control
Six granular roles — Admin, Plant Manager, Supervisor, Estimator, Operator, Read-Only — each with precisely scoped permissions.
03
SSO Configuration
SAML 2.0 and OIDC support for Azure AD, Okta, and Google Workspace. Configurable in under 30 minutes with automatic group-to-role mapping.
04
Immutable Audit Trail
Every create, update, delete, view, export, and login is recorded with before/after state, IP address, and timestamp. Write-once — can never be modified or deleted.
05
Multi-Facility Support
Manage multiple plants from a single account. Each facility has its own timezone, operators, and machine registry — all under one tenant.
06
Guided Onboarding
Step-by-step wizard walks new shops through ERP connection, job import, machine configuration, role setup, and team invitations.
Technical Specifications

Enterprise-grade.
SMB-friendly.

The security and compliance posture of a Fortune 500 platform, deployable for a 15-person shop.

Authentication
JWT + SSO (SAML 2.0 / OIDC)
Token-based auth with automatic refresh. SSO for Okta, Azure AD, Google Workspace with IdP group mapping.
Audit Retention
7-year minimum
Immutable, append-only audit log with IP tracking. Write-once enforcement at the model layer — no overrides.
Tenant Isolation
Row-level + middleware
TenantScopedModel base class and TenantMiddleware ensure every query is automatically scoped to the requesting tenant.
User Roles
6 granular permission levels
Admin → Plant Manager → Supervisor → Estimator → Operator → Read-Only. Each with endpoint-level enforcement.
Onboarding
6-step guided wizard
Connect ERP → Import Jobs → Configure Machines → Set Up Roles → Invite Team → Complete. State persisted per tenant.
API
RESTful with OpenAPI 3.0
Full Swagger documentation, versioned endpoints, DRF-powered with pagination, filtering, and search.
Need help implementing?

Our AI-Native Development team can build a custom platform implementation tailored to your shop's security and compliance requirements.

Learn About the Service →
Open source is the starting line

Your foundation. Our engineering.

Factory gives you multi-tenant isolation, RBAC, and audit trails out of the box. But your compliance requirements, SSO configurations, and security policies are unique. We build custom platform implementations that integrate with your specific identity providers, meet your exact audit standards, and scale with your operation.

Talk to Our Team Learn About Custom AI-Native Development
Open source for American shops

Your data. Your rules.
Our infrastructure.

Set up your tenant, invite your team, and start capturing value — all in under an hour. Factory is free and open-source because every American manufacturer deserves enterprise-grade security, not just the ones who can afford it.

View on GitHub → Talk to Our Team → Next: Quoting →