How do I control which users access my Cloudinary account and what they can do?

Cloudinary offers multiple methods to ensure that only authorized users can access and manage the various assets and functionalities:

• Roles & permissions: Each user in your Cloudinary account is assigned a role that determines their allowed operations, access to Console sections, and control over settings. For example, a Master admin has comprehensive access to Cloudinary credentials, Console Settings, user management, billing, upgrades, and all assets. In contrast, a Media Library user is limited to accessing media assets within their folder permissions.

• Folder permissions: By assigning permissions on folders (and their contents), you can regulate access for selected Media Library users or user groups. This allows you to grant varying levels of access permissions, from full management control to view-only. You can also can prevent specific Media Library users or user groups from accessing a folder's contents by not sharing that folder with them.

• Two-factor authorization/SAML login: Cloudinary provides two-factor authentication (TFA) and Security Assertion Markup Language (SAML) login options. TFA adds an extra layer of security, requiring additional verification during login. SAML login allows authentication through your organization's identity provider, such as Okta, Azure AD, OneLogin, etc. Configure these options on the User Management page of the Console Settings.

  Enterprise customers can also utilize SAML provisioning, which allows you to create and manage users through your organizations identity provider, eliminating the need to pre-create the users in Cloudinary.

• Allowed Admin API/Console IP addresses: You can restrict access to the Admin API and Console based on specific IP addresses. Configure this setting to limit account access to authorized IPs. Access this configuration on the Security page of the Console Settings.