Single Sign On (SSO) and SAML
Login to env0 and sync teams using your organizations unified authentication platform. Manage RBAC using your SAML provider.
There's nothing worse than having multiple authentication systems for your organization. So env0 can make use of your authoritative system already in place.
%2520and%2520SAML%25402x.png)
Collaborate on infrastructure as code (IaC)
env0 provides a collaborative remote-run environment to perform “runs” and simplify the governance of cloud deployments for Terraform, Terragrunt and other IaC frameworks. Get the Terraform or Terragrunt plans for all pull requests so you can approve the infrastructure change requests with maximum confidence. Define an approval process of critical environments like Production and review pending requests.
Bring teams together to advance IaC across your entire enterprise infrastructure, providing faster benefits, and increased ROI from your IaC efforts.

Self-hosted agent
Increase deployment flexibility while maintaining separation, security, and compliance by moving execution inside your boundary.
Greater divison of responsiblity and ensuring network access to dev/stage/prod environments remains separated for runners as well.

Policy and governance
Easily create an access control model based on rich context like: users and teams, Git Repos, cloud accounts and environments. Set up policy-as-code guardrails based on the Open Policy Agent framework. Leverage env0’s cost estimation to get a sense of the cost of your resource before applying them, and also our robust resource tagging capability to correlate the actual cost overtime with your deployments.
Guardrails to ensure your teams can do what they need, while still ensuring adherence to company policies and guidelines.

Environment-as-a-Service
Create infrastructure resource templates to be consumed for on-demand provisioning. Empower your developers and teams to spin-up, update and destroy an environment with one click, and easily track environment status or deployment history. env0 will enable you to better control your cloud budget by setting-up monthly limits on users, teams, projects, and environment time-to-live (TTL).
Self-service access to approved resources when devs need them reduces waste, increases team productivity, and increases security by preventing deployments that don't meet organizational policy.

Log forwarding
Send all your env0 logging data to your logging platform of choice. We support three of the most popular options—Splunk, Datadog and Logz.io.
Plug env0's control in to your organization's audit.

OIDC support
OpenID Connect (OIDC) is a protocol that enables third-party authentication with env0. OIDC allows your deployments to exchange short-lived tokens directly from your cloud provider or third-party service, which is then stored in a variable, which is also a short-lived token. A deployment then uses the token to access a compatible cloud service without needing a separate long-lived credential, adding an extra layer of security to your deployments.
Improve security, and reduce the likelihood of improper theft or use of cloud credentials.

AWS assume role
Safely and securely grant access to env0 to deploy into your environment without actually providing administrative credentials.
Retain full control of secret keys and security tokens so that they remain in your environment.
