# Identity and access

Union.ai provides a layered identity and access management system that controls how users and applications authenticate and what resources they can access. Access control spans two distinct domains: in-product authentication and authorization (RBAC, SSO, API keys) and infrastructure-level access to the customer's cloud environment.

This section covers:

* [Authentication](https://www.union.ai/docs/v2/union/security/identity-and-access/authentication/page.md): OIDC, API keys, service accounts, and SSO configuration.
* [Role-based access control](https://www.union.ai/docs/v2/union/security/identity-and-access/rbac/page.md): Built-in roles, custom policies, enforcement, and the least-privilege principle.
* [Human access controls](https://www.union.ai/docs/v2/union/security/identity-and-access/human-access/page.md): How Union.ai personnel access customer environments in self-managed and BYOC deployments.

## Subpages

- [Authentication](https://www.union.ai/docs/v2/union/security/identity-and-access/authentication/page.md)
  - Authentication methods
  - Single sign-on
  - Verification
  - SSO and credential lifecycle
- [Role-based access control](https://www.union.ai/docs/v2/union/security/identity-and-access/rbac/page.md)
  - Built-in roles
  - Custom policies
  - Enforcement
  - Least privilege
  - Verification
  - RBAC enforcement
- [Human access controls](https://www.union.ai/docs/v2/union/security/identity-and-access/human-access/page.md)
  - Self-managed
  - BYOC
  - Customer-side support access (optional)
  - Access scope
  - Verification
  - Human access controls

---
**Source**: https://github.com/unionai/unionai-docs/blob/main/content/security/identity-and-access/_index.md
**HTML**: https://www.union.ai/docs/v2/union/security/identity-and-access/