> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Identity and Access Management Overview

> Learn about ngrok's identity and access management system for managing credentials, enforcing access controls, and federating identity.

ngrok IAM helps you manage access to your account.
Give each person or system their own credentials, rotate or revoke access when needed, and see every change tied to a specific identity in audit logs.
You can also set up single sign-on (SSO) with your identity provider and manage multiple ngrok accounts from one user.

## Concepts

<Columns cols={1}>
  <Card title="Users" href="/iam/users/" horizontal>
    Manage human users who can log into the dashboard, start agents, create endpoints, and access the API.
  </Card>

  <Card title="Service Users" href="/iam/service-users/" horizontal>
    Create dedicated credentials for automated processes that interact with your ngrok account programmatically.
  </Card>

  <Card title="Role-based Access Control" href="/iam/rbac/" horizontal>
    Enforce least-privilege access by restricting what actions each user can take within your account.
  </Card>

  <Card title="Single Sign-On" href="/iam/sso/" horizontal>
    Federate identity with your IdP and enable SSO authentication for dashboard access.
  </Card>

  <Card title="Account Domain Controls" href="/iam/domain-controls/" horizontal>
    Enforce organization-wide account usage by requiring users with your email domain to use your account.
  </Card>
</Columns>

## Use cases

<Columns cols={2}>
  <Card title="Site-to-site connectivity" icon="network-wired" href="/guides/site-to-site-connectivity/">
    Grant secure access to customer network resources like REST APIs and databases without exposing them to the public internet.
  </Card>

  <Card title="Secure SSH and RDP access" icon="key" href="/guides/ssh-rdp/">
    Enable technicians and IT admins to maintain remote devices and servers via SSH or RDP through edge gateways.
  </Card>

  <Card title="Remote IoT device access" icon="building" href="/guides/device-gateway/overview/">
    Access smart factory IoT devices, telemetry sensors, and monitoring dashboards from remote networks.
  </Card>

  <Card title="Device gateway with SDK" icon="code" href="/guides/device-gateway/sdk/">
    Embed ngrok connectivity into Python applications to access APIs running on IoT devices.
  </Card>

  <Card title="Kubernetes customer networks" icon="server" href="/k8s/guides/customer-networks/">
    Connect from your Kubernetes cluster to customer on-premises systems like inventory databases and payment APIs.
  </Card>
</Columns>

## What's next?

* Manage team access with [Users](/iam/users/) and invitations.
* Create credentials for automation with [Service Users](/iam/service-users/).
* Federate identity and require IdP login with [Single Sign-On](/iam/sso/).
