Security
Zero-Trust Security Model
Cloud Orbiter is built on a zero-trust security principle — no action, user, or cluster connection is trusted by default. Every request is authenticated, every action is authorized, and every interaction is logged.
Security is enforced at every layer:
- Identity Layer — Authentication via Keycloak with SSO federation
- Authorization Layer — RBAC governs every resource operation
- Network Layer — Outbound-only agent connections; no inbound firewall rules required
- Session Layer — Configurable session limits, concurrent session control, and forced logout
- Audit Layer — All API calls are captured in access logs with user identity, IP, timestamp, and endpoint
Identity & Access Management
Multi-Tenant Isolation
Each organization (tenant) operates in a fully isolated environment within Cloud Orbiter. Users, groups, roles, and resources are scoped to their tenant and cannot access resources belonging to other tenants.
User Types
| User Type | Description |
|---|---|
| Local Users | Created and managed within Cloud Orbiter. Credentials stored in the platform. Suitable for development environments or isolated deployments. |
| External Users | Authenticated via external IDPs (Okta, Google, Microsoft, or any OpenID Connect provider). Cloud Orbiter creates a local representation of the user after IDP authentication. |
RBAC — Role-Based Access Control
Cloud Orbiter provides three pre-defined roles with granular permission sets:
| Role | Scope | Permissions |
|---|---|---|
| Tenant Admin | Entire tenant | Full control — user management, group management, IDP configuration, roles, applications, notifications, settings |
| Project Admin | Assigned project(s) | All operations within project — manage users, assign Project Admins, create/update/delete clusters, deploy applications, manage instances |
| Default User | Assigned project(s) | Create clusters, list clusters (read-only), access app repositories, view test suites, list backup/recovery, list hosts and groups |
RBAC is applied at every layer — only authorized users can access or manage specific resources within their assigned tenant and project scope.
Single Sign-On (SSO) Integration
Cloud Orbiter supports SSO via any OpenID Connect (OIDC)-compatible identity provider. Three providers are pre-integrated:
Okta Integration
- Create an Okta account and add a new application
- In Cloud Orbiter: Settings → Overview → Security → Identity Provider → + Add Identity Provider
- Provide: Client ID, Client Secret, Authorization URL, Token URL
- Save and test the SSO login flow
Google Integration
- Create a Google Cloud project and configure OAuth 2.0 credentials
- In Cloud Orbiter: Settings → Overview → Security → Identity Provider → + Add Identity Provider
- Provide: Client ID, Client Secret from Google Identity
- Save and test the SSO login flow
Microsoft Integration
- Register an application in Microsoft Azure Active Directory
- In Cloud Orbiter: Settings → Overview → Security → Identity Provider → + Add Identity Provider
- Provide: Client ID, Client Secret from Azure AD App Registration
- Save and test the SSO login flow
Once SSO is configured, users authenticate through their corporate identity provider — no separate Cloud Orbiter credentials required.
Session Management
Concurrent Session Control
Tenant Administrators can configure concurrent session limits per user:
- Setting: Navigate to Settings → User Session Config
- Limit: Define the maximum number of simultaneous sessions per user
Session Exceedance Handling
When a user exceeds their session limit, Cloud Orbiter offers two behaviours:
| Option | Behaviour |
|---|---|
| Terminate Oldest Session | Automatically terminates the session with the oldest Last Access Time |
| Deny New Sessions | Blocks new login attempts until the user frees an existing session |
Force Logout from All Devices
Users can force-logout all active sessions:
- Go to Account Settings
- Select Sign Out of All Devices
This logs the user out from all devices (mobile, tablet, desktop) simultaneously — useful when unauthorized access is suspected.
Password Policy
Cloud Orbiter enforces a default password policy. Tenant Administrators can customize these settings:
| Requirement | Default |
|---|---|
| Minimum Length | 8 characters |
| Maximum Length | 32 characters |
| Special Characters | At least 1 (!, @, #, $, %, ^, &, *, ?) |
| Uppercase Letters | At least 1 |
| Lowercase Letters | At least 1 |
| Digits | At least 1 |
| Password History | Must not match previous 3 passwords |
| Personal Information | Must not contain email address or User ID |
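A checker for the default policy in the table above, written as an added example and not Cloud Orbiter's own code. The page states only the rules; the salted PBKDF2 history storage, the rule names and the function names are assumptions.

```python
import hashlib
import hmac
import os

SPECIALS = set("!@#$%^&*?")   # the special characters listed in the table
HISTORY_DEPTH = 3             # "previous 3 passwords"
PBKDF2_ROUNDS = 100_000       # assumption: the page does not say how history is stored

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def history_entry(password: str) -> tuple[bytes, bytes]:
    """Salted digest to keep in a user's history instead of the password."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)

def policy_violations(password, email, user_id, history):
    """Return the names of violated rules; an empty list means compliant.

    history is a list of history_entry() results, oldest first.
    """
    failed = []
    if len(password) < 8:
        failed.append("min_length")
    if len(password) > 32:
        failed.append("max_length")
    if not any(c in SPECIALS for c in password):
        failed.append("special")
    if not any(c.isupper() for c in password):
        failed.append("uppercase")
    if not any(c.islower() for c in password):
        failed.append("lowercase")
    if not any(c.isdigit() for c in password):
        failed.append("digit")
    # Case-insensitive substring check; empty identifiers are skipped, because
    # "" is a substring of every string and would reject every password.
    lowered = password.lower()
    if any(v and v.lower() in lowered for v in (email, user_id)):
        failed.append("personal_info")
    # Only the newest HISTORY_DEPTH entries count against reuse.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_derive(password, salt), digest):
            failed.append("history")
            break
    return failed
```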
Access Logs & Audit Trail
Cloud Orbiter captures detailed access logs for every tenant:
- Per-entry data: User identity, date/time, IP address, HTTP method, API endpoint accessed
- Access: Settings → Access Logs (Tenant Admin only)
- Use cases: Security auditing, anomaly detection, compliance reporting, incident investigation
Example log entry:
| Time | Username | Operation | IP Address | API |
|---|---|---|---|---|
| <timestamp> | <user-email> | <HTTP method> | <client-ip> | <api-endpoint> |
Regular review of access logs is recommended to detect and resolve potential security threats.
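One way to run that review over exported entries, as an added example that is not part of Cloud Orbiter. It assumes the access log can be exported as CSV with the column names from the table above; the sample rows, API paths, thresholds and rule names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names follow the log table on this page;
# the CSV layout, users, addresses and API paths are made up for illustration.
SAMPLE_LOG = """Time,Username,Operation,IP Address,API
2024-05-01T09:00:00,alice@example.com,GET,198.51.100.10,/example/clusters
2024-05-01T09:01:00,bob@example.com,GET,203.0.113.5,/example/clusters
2024-05-01T09:03:00,bob@example.com,GET,192.0.2.77,/example/hosts
2024-05-01T09:04:00,carol@example.com,DELETE,198.51.100.20,/example/clusters/a
2024-05-01T09:05:00,carol@example.com,DELETE,198.51.100.20,/example/clusters/b
2024-05-01T09:06:00,bob@example.com,POST,198.51.100.99,/example/users
2024-05-01T09:06:30,carol@example.com,DELETE,198.51.100.20,/example/clusters/c
2024-05-01T09:07:00,carol@example.com,DELETE,198.51.100.20,/example/clusters/d
2024-05-01T13:00:00,alice@example.com,GET,203.0.113.40,/example/clusters
2024-05-01T17:00:00,alice@example.com,GET,192.0.2.8,/example/clusters
"""

def review_access_log(text, window=timedelta(minutes=10), max_ips=2, max_deletes=3):
    """Return {(username, rule): time of first hit} for two per-user rules."""
    rows = sorted(csv.DictReader(io.StringIO(text)),
                  key=lambda r: datetime.fromisoformat(r["Time"]))
    recent = defaultdict(deque)   # username -> entries still inside the window
    findings = {}
    for row in rows:
        now = datetime.fromisoformat(row["Time"])
        entries = recent[row["Username"]]
        entries.append((now, row["IP Address"], row["Operation"].upper()))
        while now - entries[0][0] > window:   # drop entries older than the window
            entries.popleft()
        hits = {
            # one account seen from more than max_ips addresses in the window
            "many_source_ips": len({ip for _, ip, _ in entries}) > max_ips,
            # more than max_deletes DELETE calls by one account in the window
            "delete_burst": sum(op == "DELETE" for _, _, op in entries) > max_deletes,
        }
        for rule, fired in hits.items():
            if fired:
                findings.setdefault((row["Username"], rule), row["Time"])
    return findings
```

The window and thresholds are starting points; set them from the tenant's normal activity before alerting on them.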