# 🔐 Evidence – Identity and Access Management

## Purpose
This folder contains evidence showing how user accounts, roles, MFA, and authentication systems are managed via Keycloak and Tailscale.

## Included Artifacts
- Realm export (`keycloak-realm-export.json`)
- Screenshots of MFA policy
- Group-to-role mapping export
- Tailscale ACL and device log

## Review Checklist
- [ ] MFA enforced for all privileged users
- [ ] User roles mapped and validated
- [ ] Keycloak policies match SSP configuration