Easily manage access to your infrastructure, keep your systems secure, and support compliance across your critical resources.
Single Sign-On (SSO) with Okta is here, giving you quick, easy, and secure authentication for your organization.
Single Sign-On (SSO) allows you and your team to access multiple cloud environments across DigitalOcean with one set of login credentials via your Identity Provider (IdP). SSO helps to streamline authentication across resources, improves security, and simplifies resource management for both users and administrators.
Teams centralize access control for collaborating users, and roles define their permissions within the team based on responsibilities, applying the principle of least privilege. With both predefined and custom roles, teams can further granularize access control.
API tokens let you give apps exactly the access they need, nothing more, nothing less. It's a simple way to automate tasks, keep things secure, and make your workflows run more smoothly.
Predefined roles are ideal for giving users the right level of access without manual configuration. For example, you can assign a Financial Analyst the predefined role of Billing Viewer so they can perform their job responsibilities.
Custom roles are used when predefined roles are too broad, allowing organizations to tailor permissions precisely to match specific job functions or compliance requirements.
API tokens are perfect for securely authenticating applications or scripts that need programmatic access to cloud resources, like CI/CD pipelines or monitoring tools.
SSO is most valuable in organizations that want to improve security and simplify login experiences by enabling users to access multiple cloud services with one corporate identity, i.e. through Okta.
Group teams under one organization to keep billing, access, and permissions in one place, while still giving each team the flexibility to work independently.
Learn how our built-in Identity and Access Management tools help to safeguard your cloud resources.
IAM gives you control over who can access what—and when—helping you stay secure by enforcing the principle of least privilege and reducing the risk of threats.
Our IAM tools automate user provisioning and access approvals, reducing manual work. They simplify onboarding and ensure users have the right permissions from day one.
IAM often helps teams meet industry and government regulations (i.e. SOC 2, GDPR, and HIPAA) by providing fine-grained controls.
Take a closer look at our documentation on how to customize your scopes on Personal Access Tokens (PATs)
Empower teams while protecting your cloud environment.
Limit user access to essential resources only, which helps minimize unauthorized access and protect sensitive data.
RBAC provides clear, auditable access controls, helping organizations to meet regulatory requirements and simplify compliance audits.
Streamline permission management by assigning users to predefined roles, reducing IT workload, improving productivity, and minimizing errors.
Explore our product documentation to read up on features, team roles, and possible modifications to your roles.
Superior support services are designed to meet your needs, whether you are a startup, a digital native enterprise (DNE), or anything in between.
Role-Based Access Control (RBAC) is a way to manage who can access what in your systems. Instead of giving permissions to individual users one by one, you instead assign roles such as "Modifier" or "Billing Viewer". Each role then has a specific set of permissions. This method makes it easier to keep access aligned with someone's job responsibilities and helps keep your systems secure.
A predefined role is a built-in role that comes with a set of permissions already assigned. These roles are created to match common responsibilities for team members, such as managing billing or account ownership. With predefined roles, you can quickly assign the right level of access.
No. Predefined roles for RBAC are available in the Cloud Control Panel. This feature will accommodate panel-only users. It should also be available to larger, more sophisticated users of the DigitalOcean API to also use predefined roles. There is no configuration disparity between the product experiences whether a user is a panel or an API user.
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.