Simple and secure Identity and Access Management
Easily manage access to your infrastructure, keep your systems secure, and support compliance across your critical resources.
Support for Single Sign-On is Here
Single Sign-On (SSO) with Okta is here, giving you quick, easy, and secure authentication for your organization.
Identity and Access Management tools
Single Sign-On
Single Sign-On (SSO) allows you and your team to access multiple cloud environments across DigitalOcean with one set of login credentials via your Identity Provider (IdP). SSO helps to streamline authentication across resources, improves security, and simplifies resource management for both users and administrators.
Teams
Teams centralize access control for collaborating users, and roles define their permissions within the team based on responsibilities, applying the principle of least privilege. With both predefined and custom roles, teams can further granularize access control.
API Tokens
API tokens let you give apps exactly the access they need, nothing more, nothing less. It's a simple way to automate tasks, keep things secure, and make your workflows run more smoothly.
Common use cases for Identity and Access Management
Quickly granting secure, role-appropriate access
Predefined roles are ideal for giving users the right level of access without manual configuration. For example, you can assign a Financial Analyst the predefined role of Billing Viewer so they can perform their job responsibilities.
Enforcing least privilege access for unique workflows
Custom roles are used when predefined roles are too broad, allowing organizations to tailor permissions precisely to match specific job functions or compliance requirements.
Automating infrastructure and integrating with external tools
API tokens are perfect for securely authenticating applications or scripts that need programmatic access to cloud resources, like CI/CD pipelines or monitoring tools.
Centralizing user authentication across services with one Identity Provider
SSO is most valuable in organizations that want to improve security and simplify login experiences by enabling users to access multiple cloud services with one corporate identity, i.e. through Okta.
Managing multiple teams under one organization
Group teams under one organization to keep billing, access, and permissions in one place, while still giving each team the flexibility to work independently.
Why Identity and Access Management matters
Learn how our built-in Identity and Access Management tools help to safeguard your cloud resources.
Enhanced security
IAM gives you control over who can access what—and when—helping you stay secure by enforcing the principle of least privilege and reducing the risk of threats.
Operational efficiency
Our IAM tools automate user provisioning and access approvals, reducing manual work. They simplify onboarding and ensure users have the right permissions from day one.
Improved regulatory compliance
IAM often helps teams meet industry and government regulations (e.g., SOC 2, GDPR, and HIPAA) by providing fine-grained controls.
Explore our custom scope product documentation
Take a closer look at our documentation on how to customize your scopes on Personal Access Tokens (PATs)
Manage permissions with Role-Based Access Control
Empower teams while protecting your cloud environment.
Minimize security risks
Limit user access to essential resources only, which helps minimize unauthorized access and protect sensitive data.
Improved compliance
RBAC provides clear, auditable access controls, helping organizations to meet regulatory requirements and simplify compliance audits.
Streamlined access
Streamline permission management by assigning users to predefined roles, reducing IT workload, improving productivity, and minimizing errors.
Resources hub
Dive into the details
Explore our product documentation to read up on features, team roles, and possible modifications to your roles.
World-class support
Superior support services are designed to meet your needs, whether you are a startup, a digital native enterprise (DNE), or anything in between.
Frequently asked questions
What is Role-Based Access Control Management?
Role-Based Access Control (RBAC) is a way to manage who can access what in your systems. Instead of giving permissions to individual users one by one, you assign roles such as "Modifier" or "Billing Viewer". Each role then has a specific set of permissions. This method makes it easier to keep access aligned with someone's job responsibilities and helps keep your systems secure.
What is a predefined role in role-based access control management?
A predefined role is a built-in role that comes with a set of permissions already assigned. These roles are created to match common responsibilities for team members, such as managing billing or account ownership. With predefined roles, you can quickly assign the right level of access.
What is a custom role in role-based access management?
What roles are available today within the DigitalOcean cloud console?
- Owner: The Owner role grants full administrative control over an entire team and its resources.
- Member: The Member role grants full administrative control over the resources within a team, but does not permit access to billing details or team settings.
- Modifier: The Modifier role permits users to update but does not allow them to delete resources. This role is ideal for teams who wish to protect sensitive resources from deletion while still allowing members to manage them.
- Biller: The Biller role grants full administrative control over billing related information and does not allow control over team settings.
- Billing Viewer: The Billing Viewer role permits read-only access to billing information only, giving users insight into billing details for cost analysis, transparency and governance without exposing sensitive operational controls.
- Resource Viewer: The Viewer role permits read-only access to resources, ideal for audit or compliance purposes. Users with this role will not have permission to create, update, or delete resources.
What are the ideal use cases for predefined roles?
What are the ideal use cases for custom roles?
When should I use predefined roles?
How do I apply roles through the Console and the API?
Will this capability be API-only? Or is it available in the Cloud Control Panel UI?
No. Predefined roles for RBAC are available in the Cloud Control Panel. This feature will accommodate panel-only users. Larger, more sophisticated users of the DigitalOcean API should also be able to use predefined roles. There is no configuration disparity between the product experiences, whether a user works through the panel or the API.