Security
SOPHIE provides security features to protect your practice data and control access.
IP Restriction
Workspace administrators can configure an IP allowlist to restrict access to SOPHIE from specific network locations.
Setting up IP restrictions
- Go to Settings > Security.
- Enable IP restriction.
- Add allowed IP addresses or CIDR ranges.
- Save your configuration.
Once enabled, team members can only access SOPHIE from approved IP addresses.
Access denied experience
When a team member attempts to access SOPHIE from a restricted IP:
- They see an IP Restricted page with their detected location.
- They can click Request Access to send a request to workspace administrators.
- The request includes their IP address and geolocation information.
- Administrators receive an email notification and can review the request.
- If approved, the admin adds the IP to the allowlist.
Geolocation
SOPHIE detects the user's geographic location when access is denied, providing context to administrators reviewing access requests. This helps distinguish between legitimate remote access and unauthorized attempts.
Role-based access control
See Roles & Permissions for details on configuring role-based access.
Data isolation
- Workspace boundaries -- All data is isolated by workspace. Users can only access data in workspaces they belong to.
- Spaces -- Within a workspace, spaces provide additional data isolation.
- Soft delete -- Deleted items are retained for 30 days before permanent removal, allowing recovery from accidental deletions.
Audit logging
Every mutation in SOPHIE is recorded in an audit log:
- Who made the change
- What was changed
- When it happened
- The previous and new values
Audit logs cannot be modified and provide a compliance-ready record of all activity.
Authentication security
- Industry-standard OAuth 2.0 identity management
- Session token management with automatic refresh
- Support for social login providers
- Invitation-based workspace access (no self-registration to existing workspaces)