The #1 Terraform Provider for Access Management
Your infrastructure lives in Terraform. Your deployments are automated. Why is your access management still manual?
Built for Developers
Manage access where you already work: directly in your Terraform workflows. Zero context switching.
Built for Scale
Our Terraform provider handles complex fine-grained permissions that grow with you.
Complete this form to see Opal in action
Why Opal for Identity Access as Code?
Complete Infrastructure-as-Code Coverage
Manage your entire access landscape through 19 core resource types and 35+ data sources, including Opal's unique bundle architecture that groups related configurations together. Unlike competitors with limited Terraform support, Opal enables sophisticated access patterns entirely through code.
Complete Infrastructure-as-Code Coverage
Manage your entire access landscape through 19 core resource types and 35+ data sources, including Opal's unique bundle architecture that groups related configurations together. Unlike competitors with limited Terraform support, Opal enables sophisticated access patterns entirely through code.
Complete Infrastructure-as-Code Coverage
Manage your entire access landscape through 19 core resource types and 35+ data sources, including Opal's unique bundle architecture that groups related configurations together. Unlike competitors with limited Terraform support, Opal enables sophisticated access patterns entirely through code.
AI-Powered Access Intelligence
Automatically prioritize and remediate identity risks through machine learning-powered risk scoring that integrates directly with your Terraform workflows. Opal's AI capabilities detect behavioral anomalies to enable automated security responses through infrastructure-as-code practices.
AI-Powered Access Intelligence
Automatically prioritize and remediate identity risks through machine learning-powered risk scoring that integrates directly with your Terraform workflows. Opal's AI capabilities detect behavioral anomalies to enable automated security responses through infrastructure-as-code practices.
AI-Powered Access Intelligence
Automatically prioritize and remediate identity risks through machine learning-powered risk scoring that integrates directly with your Terraform workflows. Opal's AI capabilities detect behavioral anomalies to enable automated security responses through infrastructure-as-code practices.
Enterprise-Scale Without Headcount Growth
Proven to manage 1,500+ developers across hundreds of AWS accounts and thousands of roles with zero additional staffing requirements. Companies like Sophos and Elastic orchestrate complex access control entirely through Opal's Terraform provider.
Enterprise-Scale Without Headcount Growth
Proven to manage 1,500+ developers across hundreds of AWS accounts and thousands of roles with zero additional staffing requirements. Companies like Sophos and Elastic orchestrate complex access control entirely through Opal's Terraform provider.
Enterprise-Scale Without Headcount Growth
Proven to manage 1,500+ developers across hundreds of AWS accounts and thousands of roles with zero additional staffing requirements. Companies like Sophos and Elastic orchestrate complex access control entirely through Opal's Terraform provider.
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
FROM OUR Customers:
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian
“At Obsidian, we use Opal to run quarterly access reviews, maintain just-in-time access, and handle access requests to some of our sensitive applications, like AWS. Once we started using Opal’s Risk Layer in AWS, it changed the way we connect to it, which is fantastic. We’re excited to find the time to set up a deeper Terraform integration, along with the API and CLI that Opal built. Overall, Opal has been a great time saver—really helped us out.”
Chris Kennington
Security Engineer, Obsidian
"Opal helps Elastic protect more of our attack surface than we could before with a small but mighty team. Whether we're speeding up workflows with Slack, orchestrating authorization directly from Terraform, or using the API, Opal has helped us do more with less. In the near future, we're excited to implement Just-in-Time (JIT) access for all of our employees who use GitHub, as well as begin to secure LLMs, service accounts, and other NHIs with Opal."
Mandy Andress
CISO, Elastic
"Opal's Access Review module allows us to provide internal and external auditors with the evidence required for multiple compliances, and provides our Privileged Access Reviewers with the necessary information to make meaningful access decisions. Opal's ability to self-host their solution also allows us to host in our own FedRAMP High environment, thus allowing us to utilize all of their capabilities to harden our FedRAMP resources."
Jack Zaldivar, Jr.
Staff Systems Engineer, Databricks
"At Grammarly, Opal enabled us to migrate all access management for over 150 corporate applications and hundreds of production services across two public clouds to a unified employee experience in just a few weeks."
Suha Can
CISO, Grammarly
“Access reviews and access management were a tedious time sink for us at Obsidian before we adopted Opal. But unlike a lot of other security products, Opal is one of those rare products that gives us back time to focus on what matters, which is amazing.”
Alfredo Hickman
CISO, Obsidian