Separation of Duties

Some access shouldn't be combined.

Toxic Sets turn your separation-of-duties policy into code. Versioned in Git. Tested in CI. Enforced everywhere Opal runs — across every system, every identity, human and non-human.

TRUSTED BY LEADING COMPANIES

The Problem

The auditor's question hasn't changed in thirty years: can the same person do both?

What's changed is the surface area. One engineer at a modern company carries entitlements across AWS, Snowflake, GitHub, Okta, Salesforce, and thirty more systems. The conflicts that matter aren't pairs of titles on an org chart — they're fine-grained permissions, spread across every platform you run, sometimes three or four deep. Most IGA tools still encode SoD as static role conflicts in a UI. That produces a spreadsheet. It doesn't produce a control.

Access sprawl

Permissions accumulate faster than they're reviewed, leaving entitlements across systems no one is watching.

Permission drift

Access that was appropriate at hire becomes a liability over time, with nothing to detect or remediate the change.

Audit blindness

Security teams can't answer basic access questions without an engineering ticket, turning every review into a bottleneck.

The Shift

Toxic Sets treat separation of duties the way your engineers treat everything else that matters: as code.

Define forbidden combinations in OpalScript — Opal's Python-derived policy language. Combinations can span systems, reach beyond pairs to any N-way set, and layer in conditions like environment, data sensitivity, or time of day. Commit them to Git. Review in PRs. Test in CI. Enforce at request time.

Same workflow as the rest of your security stack. Finally.

Toxic Sets: Combos That Do Not Mix

GitHub Admin Access

EKS Cluster Admin

NetSuite Requestor

NetSuite Approver

OpenAI Codex Access

Customer Data Store Admin Access

Claude Code Access

Production DB Admin Access

How Opal Solves It

SEE

Opal's access graph surfaces every entitlement every identity holds, across your whole stack. Nothing hides in a group-of-a-group two systems over.

ENCODE

Write toxic combinations in OpalScript. Reference any entitlement, any attribute, any system the graph knows about. Import shared logic. Unit-test the policy before it ships.

ENFORCE

Opal blocks conflicting requests at approval time, flags violations already present in your environment, and watches for drift continuously — so a conflict introduced next Tuesday doesn't wait for your next audit.
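To make the see / encode / enforce loop above and the N-way, cross-system, conditional sets described under "The Shift" concrete, here is a small Python model added for this page. It is not OpalScript and not Opal's code: it is an illustrative model of the same ideas, in which a toxic set is a frozenset of (system, entitlement) pairs with an optional condition over the evaluation context, group membership is flattened (including nested groups) into an identity's effective entitlements, and the same policy is used both to scan access already present and to decide a new request at approval time. Every identity, group, entitlement and toxic set in it is constructed for the example; the entitlement names borrow from the combos listed on this page.

```python
"""Illustrative N-way, cross-system, conditional separation-of-duties checks
over a flattened entitlement graph. Constructed example: not OpalScript and
not an Opal API. All identities, groups and policies below are made up."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

Entitlement = Tuple[str, str]   # (system, entitlement name)
Context = Dict[str, object]     # evaluation context, e.g. {"env": "prod", "hour": 14}


@dataclass(frozen=True)
class ToxicSet:
    """Any N-way combination of entitlements, optionally gated by a condition."""
    name: str
    members: FrozenSet[Entitlement]
    when: Optional[Callable[[Context], bool]] = None   # None = always applies

    def applies(self, ctx: Context) -> bool:
        return self.when is None or bool(self.when(ctx))


@dataclass
class Group:
    entitlements: Set[Entitlement] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)       # nested groups


@dataclass
class Identity:
    name: str
    direct: Set[Entitlement] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)


def effective_entitlements(ident: Identity, groups: Dict[str, Group]) -> Set[Entitlement]:
    """SEE: direct grants plus everything inherited through nested groups (cycle-safe)."""
    held = set(ident.direct)
    seen: Set[str] = set()
    stack = list(ident.groups)
    while stack:
        g = stack.pop()
        if g in seen:
            continue
        seen.add(g)
        grp = groups.get(g, Group())
        held |= grp.entitlements
        stack.extend(grp.groups)
    return held


def violations(held: Set[Entitlement], policy: List[ToxicSet], ctx: Context) -> List[str]:
    """Names of toxic sets fully contained in `held` whose condition holds in `ctx`."""
    return [t.name for t in policy if t.applies(ctx) and t.members <= held]


def scan_existing(identities: List[Identity], groups: Dict[str, Group],
                  policy: List[ToxicSet], ctx: Context) -> Dict[str, List[str]]:
    """Detection on access already present: identity name -> completed toxic sets."""
    found: Dict[str, List[str]] = {}
    for ident in identities:
        hits = violations(effective_entitlements(ident, groups), policy, ctx)
        if hits:
            found[ident.name] = hits
    return found


def evaluate_request(ident: Identity, requested: Entitlement, groups: Dict[str, Group],
                     policy: List[ToxicSet], ctx: Context) -> Tuple[str, List[str]]:
    """ENFORCE at approval time: deny if the grant would complete a toxic set.
    Pre-existing violations are left to scan_existing(); only newly completed sets deny."""
    before = effective_entitlements(ident, groups)
    already = set(violations(before, policy, ctx))
    newly = [n for n in violations(before | {requested}, policy, ctx) if n not in already]
    return ("deny" if newly else "allow"), newly


# --- ENCODE: constructed policy (names borrowed from the combos on this page) ---
POLICY: List[ToxicSet] = [
    ToxicSet("github-admin+eks-admin",
             frozenset({("github", "Admin Access"), ("aws", "EKS Cluster Admin")})),
    ToxicSet("netsuite-requestor+approver",
             frozenset({("netsuite", "Requestor"), ("netsuite", "Approver")})),
    ToxicSet("ai-agent+customer-data+prod-db",          # 3-way, prod only
             frozenset({("anthropic", "Claude Code Access"),
                        ("datastore", "Customer Data Store Admin Access"),
                        ("postgres", "Production DB Admin Access")}),
             when=lambda c: c.get("env") == "prod"),
    ToxicSet("github-admin+prod-db-after-hours",         # time-of-day condition
             frozenset({("github", "Admin Access"), ("postgres", "Production DB Admin Access")}),
             when=lambda c: not 9 <= int(c.get("hour", 0)) < 18),
]

# --- constructed graph: a group-of-a-group hides GitHub admin two hops away ---
GROUPS: Dict[str, Group] = {
    "platform-eng": Group(entitlements={("aws", "EKS Cluster Admin")}, groups={"repo-admins"}),
    "repo-admins": Group(entitlements={("github", "Admin Access")}),
}
ALICE = Identity("alice", direct={("netsuite", "Requestor")}, groups={"platform-eng"})
BOB = Identity("bob", direct={("anthropic", "Claude Code Access"),
                              ("datastore", "Customer Data Store Admin Access")})
IDENTITIES = [ALICE, BOB]

if __name__ == "__main__":
    ctx: Context = {"env": "prod", "hour": 14}
    print("existing violations:", scan_existing(IDENTITIES, GROUPS, POLICY, ctx))
    print("alice -> NetSuite Approver:", evaluate_request(ALICE, ("netsuite", "Approver"), GROUPS, POLICY, ctx))
    print("bob -> Prod DB Admin (prod):", evaluate_request(BOB, ("postgres", "Production DB Admin Access"), GROUPS, POLICY, ctx))
    print("bob -> Prod DB Admin (staging):", evaluate_request(BOB, ("postgres", "Production DB Admin Access"), GROUPS, POLICY, {"env": "staging", "hour": 14}))
```

Two design points carry over to any real implementation: the scan over existing access and the approval-time check must share one policy and one flattening routine, or the two will disagree about who is in conflict; and the approval-time decision should report only the sets the new grant would complete, so that a pre-existing violation is surfaced by the scanner with its own remediation path rather than silently blocking unrelated requests.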

WHAT YOU GET

The Complete Picture

SoD enforcement that lives in your stack, spans your systems, and gives auditors what they actually need — without the spreadsheet.

Policy-as-code, not policy-as-screenshot

Toxic Sets live in your repo, travel with your infra, and diff like any other change.

Beyond pairs

Encode 3-way, 4-way, and conditional conflicts — the ones real audits actually find.

Cross-system by default

One Toxic Set can span GitHub, AWS, Snowflake, and your ERP in a single rule.

Detection on existing access, not just requests

Find the conflicts sitting in your environment today.

Continuous enforcement

New grants, role changes, and inherited access get evaluated in real time.

Audit evidence on tap

Every evaluation, every violation, every approval — logged, queryable, exportable.

WHO IT'S FOR

Built For The Teams That Own This Problem

CISOs

Turning audit findings into durable controls instead of slide decks.

IAM leads

Retiring the SoD spreadsheet and the quarterly clean-up project that comes with it.

Security engineers

Who want to ship SoD policy the same way they ship anything else: in a PR.

GRC and compliance teams

Who need continuous evidence, not point-in-time screenshots.

One platform. SaaS, self-hosted, or on-prem.

PALADIN

Access Evaluation Agent

Paladin investigates every access request with the rigor of a senior security engineer — verifying identity, cross-referencing tickets, analyzing peer norms, and evaluating resource sensitivity. It operates as a first-class reviewer in Opal's approval chain: approving high-confidence requests instantly, and escalating unclear ones with specific, actionable reasoning. Every decision is auditable.

OPALSCRIPT

Policy-as-Code Language

A Python-like language for encoding access policy as executable automations. Define approval workflows, JIT rules, SoD constraints, and break-glass logic in code that's version-controlled, testable, peer-reviewed, and composable. Write it by hand, or describe what you need and let AI generate it. Ships through Git, Terraform, and CI/CD — just like the rest of your infrastructure.

OPALQUERY

Natural-Language Access Query Engine

Ask "who has admin access to production databases?" and get structured, exportable results in seconds. OpalQuery translates natural language into composable filters against Opal's full identity and access graph — covering users, resources, groups, and entitlements. Save queries, share them across your team, and use them as living audit evidence.

ACCESS GRAPH

See Every Entitlement, Role, and Relationship

With deeper integrations, we can tie every entitlement, role, and identity together, not only under the hood but also in a visualization. Opal gives you the highest-resolution representation of access in your organization.

Trusted by security teams that ship fast and sleep well.

86K

Time-bound access requests

JIT Access and UARs Enhance Productivity and Security at Databricks

See customer story
