Security & access

Accounts and sign-in

Local accounts with password policy controls (length, complexity, expiry).
Single sign-on against your existing identity provider, and directory integration for centrally managed users and groups.
Multi-factor authentication per user, or enforced organisation-wide so there is no opting out.
Sessions are listed and revocable — sign someone out everywhere, instantly.

Roles and permissions

Three built-in roles cover most installations: administrators manage everything, operators run workloads, viewers look but don't touch. When that's too coarse, custom roles grant exactly the permissions you choose — per resource type and per action — and apply tenant-wide or to a single project. A help-desk role that can restart VMs but not delete them takes about a minute to create.

API keys

Automation gets its own scoped keys, not a person's password. A key can be limited to read-only, to specific resource types, or both — and revoked without touching anything else.

Audit

Every meaningful action — who, what, when, from where — lands in the audit log, which can forward in standard formats to your syslog server or SIEM as events happen. The trail covers sign-ins, resource changes, permission changes and platform operations.

Isolation

Tenants are hard walls: users, resources and networks in one tenant are invisible to another.
Network isolation is the default — virtual networks don't talk to each other unless you connect them, and security groups filter at each VM's port.
Storage for each tenant lives under quotas and access control like everything else.

Air-gapped and high-assurance environments

The platform is built to run disconnected: installation, updates and operation need no internet access and no external services. There is no telemetry and no phone-home. For regulated and classified environments, that's not a feature — it's a requirement, and it was designed in from the start.