Access Management

Monte Carlo enforces robust access management controls across both its Observability + AI platform and internal systems. These controls are designed to uphold the principles of least privilege, segregation of duties, and continuous monitoring — ensuring that only authorized users can access the data and resources they need.

Product Access Management

How does Monte Carlo manage user access within the platform?

Monte Carlo provides granular access controls to ensure users have only the permissions necessary to perform their roles. Access can be centrally managed and synchronized with your organization’s identity provider.

Key features include:

Single Sign-On (SSO) via SAML 2.0, Okta, Azure AD, and other providers
Role-Based Access Control (RBAC) for assigning permissions by user or team
SCIM provisioning and deprovisioning for automated lifecycle management
Least-privilege configurations for restricting access to sensitive data sources

Can administrators audit and monitor user access?

Yes. Monte Carlo provides comprehensive audit logs that capture user logins, configuration changes, and administrative actions. Audit data can be exported or integrated with your organization’s SIEM for continuous monitoring.

See also: Audit Logs – Monte Carlo Docs

Does Monte Carlo support temporary or just-in-time access?

Monte Carlo supports time-bound access management through integration with enterprise identity platforms. Administrators can revoke or adjust permissions at any time to align with least-privilege access principles.

Can permissions differ by data source, workspace, or domain?

Yes. Permissions can be scoped to individual data sources, domains, or workspaces. Organizations can apply different access levels for development, testing, and production environments.

How does Monte Carlo handle third-party or vendor integrations?

Third-party integrations (e.g., Slack, PagerDuty, Snowflake, Databricks) follow scoped access using API tokens and OAuth credentials. Customers control which systems connect and what data each integration can access.

Internal Access Controls

How does Monte Carlo manage employee access to customer environments?

Monte Carlo follows a least-privilege model for all internal access. Only authorized personnel who require access for support or maintenance can reach customer environments — and only under defined conditions.

Controls include:

Centralized identity and role-based access
Multi-factor authentication (MFA) for all privileged systems
Continuous monitoring of administrative access

How are internal access rights reviewed and certified?

Monte Carlo performs quarterly access reviews across all production systems. Access changes as a result of the review are documented and tracked to completion.

How is privileged access monitored and logged?

All privileged sessions are monitored, logged, and reviewed as needed by Monte Carlo’s Security team. Logs are stored securely and included in internal and third-party audit scopes.

What authentication methods are used for internal systems?

Monte Carlo enforces multi-factor authentication (MFA) for all employees and contractors. Administrative access to production systems requires VPN access.

How quickly is access revoked when employees or contractors leave?

Access is revoked within 24 hours upon termination, typically by close of business the day of departure.

How does Monte Carlo manage vendor or subprocessor access?

Monte Carlo works only with **approved subprocessors ** who meet strict security and compliance requirements.

All vendors undergo due diligence reviews and are bound by contractual data protection and confidentiality terms.

No vendor receives account level access outside of specific engagements such as penetration testing. Such access is documented and approved prior to provisioning.

Updated about 4 hours ago