IAM and Governance: Master Identity Management with Clever Cloud
What is IAM at Clever Cloud?
Identity and Access Management (IAM) refers to the processes and technologies that control who can access what, when, and how within your cloud infrastructure. At Clever Cloud, IAM is built around several complementary components:

Native organization management
Structure your environments by creating distinct organizations (internal teams, projects, clients) to easily segment access to your services.

Role management
Assign predefined roles to each member based on their responsibilities, ensuring clear and secure governance.

Strong authentication
Our Console and CLI use our API via OAuth 1.0 to secure connections and exchanges, with time-limited sessions and multi-factor authentication via TOTP.
To go further and help customers build their own IAM and secret management workflows, Clever Cloud also provides dedicated managed solutions: Keycloak-as-a-Service for advanced authentication needs, and Clever KMS for secure management of secrets and encryption keys.
Role and Permission Management: Organization and Control
Clever Cloud provides an organizational role management system that simplifies collaboration while maintaining security, with predefined roles offering granular permissions:
Administrator
Full control of the organization, member management, applications, add-ons, billing, and settings. Only administrators can delete the organization.
Manager
Manages teams and technical resources. Can add/remove members, manage applications and add-ons, and update organization settings, without billing access.
Developer
Technical access to applications and repositories. Can create and deploy applications, access logs and metrics, without team management rights.
Accountant
Financial access only. Can view invoices, usage reports, and billing settings, without access to technical resources.
This approach ensures a clear separation of responsibilities and facilitates access governance tailored to each business profile.
OAuth Authentication and Token Management
01 OAuth-secured access
The Clever Cloud Console uses the API via OAuth 1.0 for authentication, ensuring secure connections with time-limited sessions. You can also create your own OAuth Consumers to allow your applications and services to access your Clever Cloud account.
02 API tokens
Generate API access tokens from your user profile to automate workflows.
03 Clever Tools
With clever login, the CLI gives you the same simplified authentication as the Console. You can also interact with our API using clever curl.
Keycloak-as-a-Service: Managed Enterprise IAM
No more sleepless nights running Keycloak! Our managed solution, developed in partnership with Please Open It, simplifies your use of this widely adopted open-source IAM. In just a few clicks, your Keycloak instance is ready—configured to be secure and scalable, and adapted to enterprise needs.
Open-source made simple
Your instance comes pre-configured with plugins to ease usage, while still giving you the freedom to customize themes, modules, and rules as needed.
Dedicated and isolated infrastructure
Each instance has its own application, database, and storage. No shared resources—performance and security are guaranteed.
Enterprise features
- SSO and identity federation (OpenID Connect, OAuth2, SAML)
- Active Directory / LDAP integration
- Built-in MFA with Passkey management
- Centralized user, role, and permission management
- Simplified import of existing user databases
- Integrated Grafana dashboards for technical and business monitoring
Grafana dashboards
With Keycloak-as-a-Service, technical metrics (cache data, database connections, memory usage) and business metrics (active users, refreshed sessions) are directly available in your Clever Cloud Console.
Deploy your IAM in just a few clicks with Clever Cloud. Managed solutions, certified infrastructure, recognized expertise — enterprise authentication is now accessible to every organization.
Compliance and Certifications
01 Clever Cloud certifications
The first European PaaS certified ISO 27001:2022 for information security, ISO 9001 for process quality, and HDS (Health Data Hosting) across six activities. For HDS hosting, a specific contract is required.
02 Sovereign hosting
Infrastructure hosted on Clever Cloud and partner facilities, fully GDPR-compliant, and entirely immune to extraterritorial laws.
03 SecNumCloud in progress
Certification underway for the highest level of French cloud security. Government projects can also be hosted on a certified partner zone (Cloud Temple).
Q&A – IAM and Governance
Is Keycloak-as-a-Service compatible with my Active Directory?
Yes. Our solution connects natively to your existing directories via LDAP, SAML, or identity federation. Users keep their usual credentials.
How can I customize my Keycloak instance?
The instance remains fully customizable. You can add your own themes, custom modules, business rules, and configurations without restriction.
What is the difference from a self-hosted Keycloak?
Our managed solution automates operations, backups, updates, and monitoring. No specific expertise required, with integrated monitoring and automatic scalability.
Do ISO 27001/HDS certifications apply to all services?
Clever Cloud is ISO 27001 and ISO 9001 certified. HDS hosting applies only to eligible services (some services like FSBucket are excluded) and requires a specific contract.
How can I monitor my Keycloak instance activity?
Keycloak-as-a-Service exposes Prometheus metrics (since version 25.06), available in Grafana via your Clever Cloud Console for both technical and business monitoring.
Can I use Clever KMS with external tools?
Yes. Clever KMS is compatible with HashiCorp Vault KV and Transit APIs, allowing integration with a wide range of DevOps and security tools.