AI for Identity. Identity for AI.
AI for Identity. Identity for AI.
AI for Identity.
Identity for AI.
Opal is the identity governance control plane for AI agents, humans, and service accounts at hyperscale enterprises.
Opal is the identity governance control plane for AI agents, humans, and service accounts at hyperscale enterprises.
Opal is the identity governance control plane for AI agents, humans, and service accounts at hyperscale enterprises.
Opal is the identity governance control plane for AI agents, humans, and service accounts at hyperscale enterprises.
AI for Identity.
Identity for AI.
Opal is the identity governance control plane for AI agents, humans, and service accounts at hyperscale enterprises.
Ask Opal
Summary
Recommendation: Revoke permanent access for Teams Administrator for Zuri Nichols and implement just-in-time access instead.
Justification
Zuri Nichols currently has permanent access to Teams Administrator, which is classified as a medium sensitivity asset. Two significant risk factors have been identified:
Permanent access: Maintaining permanent access to administrative systems violates the principle of least privilege and creates unnecessary standing access risk.
Externally granted access: The access was granted outside of standard access management workflows, indicating potential governance gaps and lack of proper approval processes.
Teams Administrator privileges can be particularly risky as they allow for managing team memberships, communication settings, and potentially sensitive collaboration spaces. Following security best practices, administrative access should be:
Do Nothing
Expire in 7 days
Expire Now
Ask Opal
Summary
Recommendation: Revoke permanent access for Teams Administrator for Zuri Nichols and implement just-in-time access instead.
Justification
Zuri Nichols currently has permanent access to Teams Administrator, which is classified as a medium sensitivity asset. Two significant risk factors have been identified:
Permanent access: Maintaining permanent access to administrative systems violates the principle of least privilege and creates unnecessary standing access risk.
Externally granted access: The access was granted outside of standard access management workflows, indicating potential governance gaps and lack of proper approval processes.
Teams Administrator privileges can be particularly risky as they allow for managing team memberships, communication settings, and potentially sensitive collaboration spaces. Following security best practices, administrative access should be:
Do Nothing
Expire in 7 days
Expire Now
Ask Opal
Summary
Recommendation: Revoke permanent access for Teams Administrator for Zuri Nichols and implement just-in-time access instead.
Justification
Zuri Nichols currently has permanent access to Teams Administrator, which is classified as a medium sensitivity asset. Two significant risk factors have been identified:
Permanent access: Maintaining permanent access to administrative systems violates the principle of least privilege and creates unnecessary standing access risk.
Externally granted access: The access was granted outside of standard access management workflows, indicating potential governance gaps and lack of proper approval processes.
Teams Administrator privileges can be particularly risky as they allow for managing team memberships, communication settings, and potentially sensitive collaboration spaces. Following security best practices, administrative access should be:
Do Nothing
Expire in 7 days
Expire Now
Ask Opal
Summary
Recommendation: Revoke permanent access for Teams Administrator for Zuri Nichols and implement just-in-time access instead.
Justification
Zuri Nichols currently has permanent access to Teams Administrator, which is classified as a medium sensitivity asset. Two significant risk factors have been identified:
Permanent access: Maintaining permanent access to administrative systems violates the principle of least privilege and creates unnecessary standing access risk.
Externally granted access: The access was granted outside of standard access management workflows, indicating potential governance gaps and lack of proper approval processes.
Teams Administrator privileges can be particularly risky as they allow for managing team memberships, communication settings, and potentially sensitive collaboration spaces. Following security best practices, administrative access should be:
Do Nothing
Expire in 7 days
Expire Now
Trusted by leading companies
Trusted by leading companies
Trusted by leading companies
Trusted by leading companies
Trusted by leading companies
What we do
Secure AI adoption starts with identity governance. Opal is the control layer that keeps access accurate, compliant, and contained.
Secure AI adoption starts with identity governance. Opal is the control layer that keeps access accurate, compliant, and contained.
Secure AI adoption starts with identity governance. Opal is the control layer that keeps access accurate, compliant, and contained.
Identity Lifecycle Automation
Keep access current by orchestrating provisioning, updates, and removals in Opal or via Terraform.
Identity Lifecycle Automation
Keep access current by orchestrating provisioning, updates, and removals in Opal or via Terraform.
Identity Lifecycle Automation
Keep access current by orchestrating provisioning, updates, and removals in Opal or via Terraform.
Identity Lifecycle Automation
Keep access current by orchestrating provisioning, updates, and removals in Opal or via Terraform.
Identity Lifecycle Automation
Keep access current by orchestrating provisioning, updates, and removals in Opal or via Terraform.
JIT & Self-Service Access
Reduce sprawl and let users request and receive approved, time-bound access from Opal or Slack.
JIT & Self-Service Access
Reduce sprawl and let users request and receive approved, time-bound access from Opal or Slack.
JIT & Self-Service Access
Reduce sprawl and let users request and receive approved, time-bound access from Opal or Slack.
JIT & Self-Service Access
Reduce sprawl and let users request and receive approved, time-bound access from Opal or Slack.
JIT & Self-Service Access
Reduce sprawl and let users request and receive approved, time-bound access from Opal or Slack.
Access Reviews & Compliance
Simplify certifications and audits by automating UARs, evidence collection, and policy checks.
Access Reviews & Compliance
Simplify certifications and audits by automating UARs, evidence collection, and policy checks.
Access Reviews & Compliance
Simplify certifications and audits by automating UARs, evidence collection, and policy checks.
Access Reviews & Compliance
Simplify certifications and audits by automating UARs, evidence collection, and policy checks.
Access Reviews & Compliance
Simplify certifications and audits by automating UARs, evidence collection, and policy checks.
Identity Risk Management
Continuously detect and remediate risky access with full visibility and least-privilege enforcement.
Identity Risk Management
Continuously detect and remediate risky access with full visibility and least-privilege enforcement.
Identity Risk Management
Continuously detect and remediate risky access with full visibility and least-privilege enforcement.
Identity Risk Management
Continuously detect and remediate risky access with full visibility and least-privilege enforcement.
Identity Risk Management
Continuously detect and remediate risky access with full visibility and least-privilege enforcement.
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Permanent Access
82k
Grants
+0.98%
Unused Access
968
Grants
+70.42%
Outside Access
26k
Grants
+2.75%
Irregular Access
568
Grants
+68.05%
Suggestions
View access from overprovisioned rules
poplar-project-002
1 out of 2 users have permanent access and have not used this resource in the last 30 days.
View potentially anomalous access grants
Administrat
2 out of 3 users have permanent access and have not used this resource in the last 30 days.
Access Risk Summary
Today
This Week
This Month
Total
By Identity Type
184 Access Grants
Identity
Asset
Expiration
First Granted
Last Used
Vulnerabilities
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
09-28-google-idp
Google Cloud • Service Account
Permanent
19 minutes ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
09-28-google-idp
Google Cloud • Service Account
Permanent
5 hours ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
aiplatform.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.serviceagent
Google Cloud • Service Account
Permanent
4 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian36288
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
default service account
Google Cloud • Service Account
adrian-backupdr
Google Cloud • Service Account
Permanent
17 days ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
timbucket9.storage
Google Cloud • Service Account
Permanent
a month ago
Never used
Expire in 7 days
SM
Shrinjay Mukherjee
shrinjay@adriandev.net
adrian.dev-owner
Google Cloud • Organization
Permanent
a month ago
Never used
Expire in 7 days
Adrian Security Group
Azure • Microsoft Entra ID Security Group
Cognitive Services Contributor
Azure • Storage Container
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
adrian-folder
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
09-28-google-idp
Google Cloud • Service Account
resourcemanager
Google Cloud • Folder
Permanent
a month ago
Never used
Expire in 7 days
Risk Center
Admin
FN
Ask Opal
1 Access Grant Selected
Expire in 7 days (Recommended)
Built for every identity
Opal governs every identity type under one model — because security breaks and business slows when they’re managed apart.
Opal governs every identity type under one model — because security breaks and business slows when they’re managed apart.
AI Agents
Extend governance to coding and autonomous AI agents, which can request and manage access via MCP — with audit and guardrails.
AI Agents
Extend governance to coding and autonomous AI agents, which can request and manage access via MCP — with audit and guardrails.
AI Agents
Extend governance to coding and autonomous AI agents, which can request and manage access via MCP — with audit and guardrails.
AI Agents
Extend governance to coding and autonomous AI agents, which can request and manage access via MCP — with audit and guardrails.
AI Agents
Extend governance to coding and autonomous AI agents, which can request and manage access via MCP — with audit and guardrails.
Humans
Unify workforce access, reviews, and authorization decisions through a continuous framework of least privilege and accountability.
Humans
Unify workforce access, reviews, and authorization decisions through a continuous framework of least privilege and accountability.
Humans
Unify workforce access, reviews, and authorization decisions through a continuous framework of least privilege and accountability.
Humans
Unify workforce access, reviews, and authorization decisions through a continuous framework of least privilege and accountability.
Humans
Unify workforce access, reviews, and authorization decisions through a continuous framework of least privilege and accountability.
Service Accounts
Bring system-level identities into scope with lifecycle governance, policy consistency, and intelligent least-privilege enforcement.
Service Accounts
Bring system-level identities into scope with lifecycle governance, policy consistency, and intelligent least-privilege enforcement.
Service Accounts
Bring system-level identities into scope with lifecycle governance, policy consistency, and intelligent least-privilege enforcement.
Service Accounts
Bring system-level identities into scope with lifecycle governance, policy consistency, and intelligent least-privilege enforcement.
Service Accounts
Bring system-level identities into scope with lifecycle governance, policy consistency, and intelligent least-privilege enforcement.
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
How Opal Works
Requests
Requests
Requests
Requests
Requests
Risk Center
Risk Center
Risk Center
Risk Center
Risk Center
Human review
Human review
Human review
Human review
Human review
Opal intelligence
Opal intelligence
Opal intelligence
Opal intelligence
Opal intelligence
Integrations Library
Integrations Library
Integrations Library
Integrations Library
Integrations Library
Access updates
Access updates
Access updates
Access updates
Access updates
Learn
Learn
Learn
Learn
Learn
Assist
Assist
Assist
Assist
Assist