Access control, made simple
UserClouds gives you fine-grained control over data access for all your employees and end users in a single micro-service.
Fine-grained Reflect the real-world relationships that guide your authorization in a graph-based model Incorporate arbitrarily deep hierarchy and relationships, ideal for B2B & social networks Manage authorization at any level of granularity, from simple role-based access to resource-level decisions Simple Handle the most complex authorization scenarios with just a handful of objects and relationships Manage authorization through simple, developer-friendly APIs Make updating your authorization scenarios a breeze, with one centralized AuthZ API Scalable Grow to billions of users with the same authorization model as Google Zanzibar Maintain exceptional performance at vast scale Use an authorization service that can grow with your company Get started in 3 easy steps Design Your Model
Define the types of objects and relationships that you want to reflect in your authorization system.
UserClouds's authorization model is graph-based, so it can assess authorization across arbitrarily deep hierarchy and relationships. This means you can reflect the most complex authorization scenarios with just a handful of types.
Populate your graph
Easily import your existing users, objects, roles and relationships into UserClouds.
As you acquire new users, keep your authorization model up to date through simple write APIs. Use UserClouds's native authentication service, or complement our authorization with another system.
Run your authorization checks
UserClouds lets you perform all your authorization checks with a single API call to a central authorization server.
Simply use the CheckAttribute API to discover whether a given user has a particular permission on an object.
Incorporate hierarchy and relationships into your model, like indirect reports, files-in-folders and sub-group membership.
Allow users to grant your employees time-limited and audited login rights to their account for de-bugging purposes.
Leverage features specifically designed for B2B customer organizations, like unique namespaces and prevention of cross-organization access.
Build conditions into high-security permissions, like requiring engineers to be on a trusted IP address or company VPN.
Grant your engineers time-limited and audited access to production databases for emergencies and de-bugging.
Configure M2M Authorization flows quickly and efficiently to give internal and external apps secure access to your APIs.
Reduce your risk of third party compromise, employee account takeover and employee abuse by reducing the number of employees and applications that have unrestrained access to sensitive data.
Minimize the value of your datasets to external hackers through tokenization. Issue single-use tokens for each workflow to prevent data being correlated or matched between datasets.
Data access control
Centrally control who has access to which data, when and why. With UserClouds, you can even revoke or change your access policy
after the reference token has been shared and used.
Secure data sharing
Use tokenized datasets to collaborate with other companies on shared analyses, like ad attribution and clinical trial evaluation. Define tokens intelligently to achieve your goals without sharing sensitive data.
UserClouds's multi-region data infrastructure lets you abide data residency laws without slowing down your organization. You can perform workflows and analysis on tokenized data anywhere, without taking the sensitive data out of its home country.
Purpose-based access control
In one easy user interface, UserClouds lets you define and enforce fine-grained access policies, like only allowing “usage for fraud & integrity work”, or “usage on trusted IP addresses”, or “usage by senior engineers”. You can even correct errors or tighten access after the token has been shared.
With UserClouds, you can run your system (or parts of it) without replicating sensitive data. With only one single copy of PII, data deletion becomes trivial. To satisfy a deletion request, simply sever the link between PII and token in your vault.
UserClouds gives you transparency into your data access: it automatically logs when, why and by whom raw data is accessed.
UserClouds's modular design and simple configuration interface let you get started in minutes. You can start protecting your sensitive data with off-the-shelf token generation and access policies immediately.
One central policy codebase
No more writing custom code to protect endless copies of personal data in dozens of applications, languages and 3rd party providers. With UserClouds, you can maintain your policy code centrally, in one language and application.
One-click data deletion
With UserClouds, you can run your system without endlessly replicating sensitive data. With only one single copy of PII, data deletion becomes trivial. To satisfy a deletion request, simply sever the link between the PII and the token in your vault.
UserClouds lets you contain, secure and govern access to your sensitive data with native software. Replace the complex, human approvals flows with a single, coherent, powerful system.
Leverage tailored features for B2B-specific scenarios, like preventing cross-customer data access.
Comply with HIPAA regulations and minimize your risk of a sensitive data leak.
Model arbitrarily deep relationships like "friends of friends" and "3rd degree connections" in your permissions graph.
Manage access control for your employees and end users in one place.
Get a Demo Today