Security Overview
Manage your CloudZero organization's security and access controls.
CloudZero is designed with security at every level. All access to your cloud accounts is read-only, permissions are scoped to the minimum required, and your data is protected through industry-standard controls.
How CloudZero accesses your data
CloudZero connects to your cloud accounts using delegated access roles with read-only permissions. CloudZero accesses only the cost, usage, and metadata it needs to operate. You can review the exact permissions for each cloud provider:
- AWS permissions: Delegated access via CloudFormation with open-source IAM policies.
- Azure permissions: Read-only access to billing data via MCA, EA, or CSP agreements.
- GCP permissions: Read-only access to billing exports.
Access controls
CloudZero provides multiple layers of access control for your organization:
- Single Sign-On (SSO): Authenticate users through Okta, Microsoft Entra ID, OpenID Connect, or SAML.
- Users & Permissions: Assign Roles to control what users can see and do within CloudZero.
- Namespace Access Control: Restrict who can view and edit Dimension definitions within each namespace (preview).
Have questions or feedback? Reach out to your account manager.
Updated 16 days ago