Platform Security
ngrok is built on a platform with security, governance, and compliance at its core. With strong IAM capabilities—including granular RBAC, SSO, IP restrictions, and ACLs— and strict adherence to privacy standards such as GDPR and CCPA, it provides the security and control you need to confidently deliver apps and APIs.
ngrok’s IAM equips you to:
- Issue, rotate, and revoke unique credentials for each user or bot user.
- Authenticate users with email and password, your preferred IdP, or with a federated IdP via Single Sign-On.
- Control secure tunnel access with ACLs.
- Add extra layers of security such as MFA or even IP restrictions.
- Enforce least-privilege access for every user or bot in your ngrok account.
- Manage multiple ngrok accounts with a single ngrok user.
ngrok's RBAC lets you control exactly what actions each user can take in your account.
Assign roles like Developer, Team, Billing, or Administrator to define exactly who can create resources, manage team members, or handle billing. You can also use Access Control Lists (ACLs) for fine-grained control over credentials, letting you scope down what each token or key can do within your account.
Enforce SSO for all users to ensure a simplified login experience. Integrate with one or more Identity Providers (IdPs) including Okta, Azure AD. Supports any IdP using SAML or OpenID Connect (OIDC) protocols.
Simplify organizational access by claiming ownership of your email domain and directing all logins and sign-ups to a common ngrok account.
This policy enforces consistent security controls by requiring everyone in your organization to use a single, SSO-authenticated account, preventing unauthorized account creation, sign-ups, and account sprawl.
ngrok is SOC 2 Type 2 compliant and fully meets the highest data privacy standards, including GDPR and CCPA.
We provide access to the SOC 2 reports as well as all third party security upon request at the ngrok security and trust portal. This focus on compliance and privacy ensures that ngrok supports regulated industries such as banking, energy, and others, allowing organizations to use our platform with confidence.
More Platform Security capabilities
- Set up bot users for automated processes to interact with your ngrok account.
- Ensure uninterrupted operation of ngrok agents, even after the original user leaves the account.
- Bot users own credentials (Authtokens, API Keys, and SSH Keys) and can be easily managed in the ngrok Dashboard.
- Configure your account to restrict dashboard access by allowing only specific IP CIDR blocks.
- IP restrictions can be set manually in the ngrok dashboard or programmatically via the API with a
typeofdashboard.
- Track audit events like domain creation/deletion, API key management, IP policy updates, and traffic events like HTTP request processing.
- Forward audit logs to your preferred observability solution or SIEM for further processing.
- Supported platforms include AWS CloudWatch, AWS Firehose, AWS Kinesis, Azure Monitor, and Datadog.
- Supports a core set of SCIM operations for user provisioning and de-provisioning.
- Fully compatible with major IdPs like Okta and Azure AD.
- Enable SCIM provisioning to let your federated SSO IdP handle SCIM API calls directly with ngrok.
- Implement defense-in-depth strategy.
- Principle of least privilege - engineers have minimal access to prod environments.
- All data encrypted at rest across databases, file systems, and data warehousing.
- Enhanced key security - secrets and keys are encrypted at the application layer with ngrok-contolled.
- Vetted, secure solution trusted by organizations.
