Five layers. One cohesive platform.

IJRA@ is structured the way mature engineering teams build systems — clear separation of concerns, no hidden coupling, and every layer designed to be replaced.

01 — The stack

Each layer, in detail.

Layers communicate through explicit contracts. There is no shared global state, no implicit coupling, no “and-then-magic-happens” integrations.

L / 01
Presentation
Web portal, native mobile and admin console — all sharing one design system and one process model. Responsive layout from phone to wallboard.
Web Portal · Mobile App · Admin
L / 02
Process
BPMN 2.0 execution engine, dynamic forms, notifications and full instance tracing. The runtime kernel of the platform.
BPMN 2.0 · Forms · Tracing
L / 03
Business Logic
Externalised rules engine, configurable workflows, escalations and approval matrices. Policy lives here as data, not code.
Rules Engine · Workflows · Approvals
L / 04
Integration
REST, SOAP, WSDL, database connectors and webhooks. Service composition is first-class, not an afterthought.
REST · SOAP · WSDL · DB Connectors
L / 05
Data
Document repository, rules repository and an immutable audit log — the system of record for everything the platform has ever done.
Documents · Rules · Audit Log
02 — Stack

Built on enterprise-grade technology.

Modern, well-supported, widely-known. No exotic dependencies. No vendor-locked runtime.

| Layer | Stack | Posture |
|---|---|---|
| Frontend | HTML5 · CSS3 · JavaScript · TypeScript · Bootstrap | Open |
| Backend | .NET Core · ASP.NET MVC · C# | Microsoft |
| Web Services | REST · SOAP · WSDL · gRPC | Standards |
| Mobile | Flutter · iOS · Android · Cordova | Cross-platform |
| Data | SQL Server · Umbraco CMS · ServiceNow | Enterprise |
| Deploy | Cloud · On-premise · Hybrid · Air-gapped | Flexible |

03 — Standards

BPMN 2.0 + IJRA@ extensions.

Standards-compliant vocabulary, extended with the task types modern enterprise execution actually needs. The base notation stays portable.

  • Email Task: Templated, smart-tag bound. Subject, body, recipients, attachments — all per-instance dynamic.
  • API Task: REST/SOAP with auto-discovery. OpenAPI & Postman imports.
  • Document Task: Generation + repository binding. Versioned, bilingual-ready.
  • Smart Form Task: Dynamic fields, conditional logic, server-side validations.
  • Rule Task: DMN-aligned + custom equation engine. Externally versioned.
  • Constants Resolver: Versioned config injection. Hot-reload, environment-aware.
  • Multi-Lane Coordinator: Skeleton / Inner / Live phase orchestration across teams.
  • All BPMN 2.0 base elements: Start/End/Intermediate Events. User/Service/Script Tasks. XOR/Parallel/Inclusive Gateways. Pools & Lanes.
04 — Identity

Federated identity. Enterprise-grade.

IJRA@ brokers between your existing identity infrastructure and every workflow it runs — with role-, attribute-, and process-scoped authorization layered on top.

| Identity Provider | Protocol | Use |
|---|---|---|
| Active Directory | LDAP · Kerberos | Internal staff authentication |
| Azure AD / Entra | SAML 2.0 · OIDC | Cloud-federated SSO |
| National ID System | OAuth 2.0 · OIDC | Citizen-facing portals |
| PKI / Smart Cards | X.509 · mTLS | High-assurance gov & defense |
| Custom IdP | SAML / OIDC / Custom | Per-deployment configuration |

Authorization tiers

  • RBAC: Role-based access — pre-defined roles per workspace.
  • ABAC: Attribute-based — dynamic rules: department, clearance, region.
  • Process-Scoped: Per-task assignment with delegation chains.
  • Document-Level ACL: Repository-level access control.
  • Audit Trail Authority: Read-only auditor role with time-bounded access.
  • Service Accounts: Scoped, short-lived tokens for system-to-system calls.
05 — Security

Defense-in-depth. Standards-aligned.

Six layers of defense, six compliance frameworks supported. Configurable per deployment, audit-ready by default.

GDPR

Data subject rights · DPO support · processing records · cross-border transfer controls.

PDPL (KSA)

Saudi Personal Data Protection Law. Data localization, consent management, breach notification.

PDPL (UAE)

UAE Federal Decree-Law 45/2021. Data subject rights and lawful processing requirements.

ISO 27001

Information Security Management System aligned controls across all platform layers.

NCA ECC

Saudi Essential Cybersecurity Controls. Mapped to platform configuration baseline.

Local e-Gov

Per-jurisdiction frameworks supported via configurable policy modules.

Defense layers

| Layer | Controls |
|---|---|
| Network | WAF · DDoS protection · network segmentation · zero-trust |
| Transport | TLS 1.3 mandated · mTLS for service-to-service |
| Application | OWASP-aligned · SAST · DAST · pen-testing cycle |
| Data | AES-256 at rest · field-level crypto for PII · key vault |
| Identity | MFA · session pinning · credential rotation |
| Audit | WORM logs · 7-year retention · SIEM-ready feeds |

06 — Deployment

From public cloud to air-gapped.

Customer chooses. The same engine runs on AWS, Azure, OCI, sovereign cloud, customer data centers, and air-gapped enclaves. Data residency is enforced at the database, document repository, and audit log layers.

D / 01

On-Premise

Fully customer-controlled. Government data centers. Customer's network only. Hardware specs negotiated per deployment.

D / 02

Private Cloud

Customer-tenanted on Azure, AWS, OCI, or local sovereign cloud. Single-tenant isolation guaranteed.

D / 03

Hybrid

Sensitive workloads on-premise. Citizen-facing portal on cloud. One control plane spans both.

D / 04

Air-Gapped

Zero external connectivity. Offline patch delivery. Hardened OS images. Verified package signatures.

07 — Scale & SLAs

Banking-grade scale. Verified.

Benchmarks performed on a 3-node cluster, commodity gov-grade hardware. Linear scaling to 10× throughput verified up to 12 nodes.

Concurrent users
1,000+

Sustained, single deployment.

Instances per day
100K+

Active process throughput.

P95 task latency
<200ms

User task → engine response.

Platform availability
99.95%

Active-active deployment SLA.

SLA targets & recovery objectives

| Metric | Target | Notes |
|---|---|---|
| Platform Availability | 99.95% | Multi-AZ active-active |
| API Latency (P95) | <200ms | Process query endpoints |
| Task Assignment | <2s | Routing + notification |
| Rule Evaluation | <50ms | DMN decision tables |
| Audit Log Write | <100ms | Synchronous WORM commit |
| RPO / RTO | 5min / 1hr | Disaster recovery objectives |
| Patch Window | Zero-downtime | Rolling deployment |

03 — Principles

What we built against.

Every architectural decision is a defence against a specific way that BPM platforms typically rot.

P / 01

No magic

Every behaviour the engine performs is declaratively specified. There are no hidden hooks where logic accumulates invisibly.

P / 02

No singleton coupling

Layers communicate through explicit contracts. The integration layer cannot reach into the process engine; the process engine cannot bypass the rules layer.

P / 03

No silent change

Every artifact — process model, rule, form, mapping, credential — is versioned and audit-logged. Nothing changes without a record.

P / 04

No vendor lock-in

BPMN 2.0 is an OMG standard. SQL is SQL. Rules export as deterministic specifications. You can leave at any time.

— Begin

Bring your most-broken process. We'll show you what one model can do.

Most first deployments go live in 6–12 weeks. Pick a single process, see it modelled, automated and measured — then decide what to roll out next.