Leverages your existing security

Sapho was designed from the ground up to fit into your existing infrastructure and to integrate with your existing security footprint. It was also developed with a secure software development lifecycle that encompasses security audit and regular external penetration tests.

On-premises deployment

Sapho deploys as a Java .war file into a Java application server such as Tomcat, which can be deployed in the internal network and managed and protected like other application servers.

Data storage

Sapho stores all metadata and cached data into a SQL92 database such as MySQL, which can be isolated on the internal network like other database resources.

Network access

Sapho is accessed via HTTPS via a reverse proxy such as NGINX or Apache and mobile access can be enabled via VPN, like any other internal network resources.


Sapho authenticates users with the existing Active Directory or LDAP identity server. It authorizes use of the mobile app with the existing authorization groups based on existing Active Directory or LDAP identity servers.

Extensive logging

All interactions are logged into either the application server or system log, which in turn are pulled into the existing log management system, so any security incidents can be remediated like any other internal application.

Private cloud deployment

When deployed in an Amazon, Azure, or Google private cloud, Sapho can use available PaaS features such as Amazon’s Beanstalk Java PaaS and RDS managed database. Like other private cloud resources, Sapho will use your IPsec backhaul to connect to internal systems.