Information for: DEVELOPERS   PARTNERS

Controlling access to Acquia Cloud

Acquia Cloud provides you a comprehensive set of security features to control who can access your Acquia applications and how, including:

  • Teams, roles, and permissions – You can assign roles to your team members, with fine-grained permissions governing user actions. You can assign members to teams, where each team can have one or more applications in your organization to work on.
  • Two-step verification – Although the Acquia Cloud interface requires a username (email address) and password to sign in or access an Acquia application, you can also enable two-factor verification, which requires users to also enter a verification code provided by text message or trusted application.
  • Session timeouts – To help secure your Acquia Cloud applications, Acquia Cloud interface sessions expire after 90 minutes of inactivity, requiring users to sign in again before taking any actions requiring user authentication. SSH client sessions expire after 15 minutes.
  • Password strength requirements – You can optionally require users signing in to the Acquia Cloud interface to have a password meeting a minimum password strength requirement, ensuring their passwords are difficult to guess.
  • IP address whitelisting – You can configure Acquia Cloud to allow Acquia Cloud interface-based access to your applications for only specified IP addresses from a whitelist.

Each of these features controls access to the Acquia Cloud interface and not access to your Acquia Cloud websites or other applications.

Handling user-based tasks

Administrators manage all aspects of their users, from access to permissions. The following documentation pages include information describing basic organizational tasks: