External Customer Plane

Secure financial records without exposing the admin surface.

Anchor OS now separates workforce operations from customer access. The customer workspace is served from the public portal, while authentication is delegated to Identity Platform and internal administration remains behind IAP.

Enter Customer Workspace Service Health

Customer sessions are designed for token-only data flows. Raw SSNs, TINs, and FTI stay outside the main event plane.

Customer Workspace

Agreements, obligations, events, and masked identifiers belong here. The browser app authenticates the customer, and the backend stays isolated from workforce controls.

Operational Plane

Internal operators continue to use the protected admin plane. Customer sessions never reuse IAP or Google Cloud IAM user identities.

Audit Posture

Runtime config is emitted directly from Terraform-owned infrastructure so the portal identity path stays reviewable, reproducible, and environment-scoped.