See. Encode.
Opal is the access control plane for every identity. Our AI understands the CISO's context with a security engineer's precision.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg"><g d="M 4.5 0 L 4.5 9.334 M 0 4.5 L 4.667 9.167 L 9.334 4.5" fill="transparent" height="9.334000000000003px" id="wVLQb2Yt7" transform="translate(2.5 2.5)" width="9.333999999999946px"><path d="M 0 0 L 0 9.334" fill="transparent" height="9.334000000000003px" id="Ho_4eUERn" stroke-dasharray="" stroke-linecap="butt" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(4.5 0)" width="1px"/><path d="M 0 0 L 4.667 4.667 L 9.334 0" fill="transparent" height="4.667000000000002px" id="q4SooRAjE" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.2" stroke="rgb(35, 41, 51)" transform="translate(0 4.5)" width="9.333999999999946px"/></g></svg>)
Trusted by leading companies
Built for every identity.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 11.699 0 L 1.301 0 C 0.582 0 0 0.597 0 1.333 L 0 8 C 0 8.736 0.582 9.333 1.301 9.333 L 11.699 9.333 C 12.418 9.333 13 8.736 13 8 L 13 1.333 C 13 0.597 12.418 0 11.699 0 Z M 3.9 12 L 9.1 12 M 6.5 9.333 L 6.5 12" fill="transparent" height="12.00000014241028px" id="t8ahIqZEK" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.333" stroke="rgb(35, 41, 51)" transform="translate(1.5 2)" width="13px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><g d="M 0 0 L 16 0 L 16 16 L 0 16 Z M 8 10.667 C 9.473 10.667 10.667 9.473 10.667 8 C 10.667 6.527 9.473 5.333 8 5.333 C 6.527 5.333 5.333 6.527 5.333 8 C 5.333 9.473 6.527 10.667 8 10.667 Z M 0.7 8 L 4.667 8 M 11.34 8 L 15.307 8" fill="transparent" height="16px" id="kiR6YSNnD" width="16px"><path d="M 0 0 L 16 0 L 16 16 L 0 16 Z" fill="transparent" height="16px" id="zpfMrEdsz" width="16px"/><path d="M 7.3 5.334 C 8.773 5.334 9.967 4.14 9.967 2.667 C 9.967 1.194 8.773 0 7.3 0 C 5.827 0 4.633 1.194 4.633 2.667 C 4.633 4.14 5.827 5.334 7.3 5.334 Z M 0 2.667 L 3.967 2.667 M 10.64 2.667 L 14.607 2.667" fill="transparent" height="5.334000000000003px" id="SYkB2lKJ2" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="round" stroke-width="1.333" stroke="rgb(35, 41, 51)" transform="translate(0.7 5.333)" width="14.607000343322767px"/></g></svg>)
See every identity, relationship, and access path.
OpalQuery
Query your entire stack in plain English to surface risk, over-provisioned access, separation-of-duties conflicts, and hidden privilege escalation paths.
Encode access policy into reusable logic.
OpalScript
Turn approval rules into version-controlled workflows that scale across every team and environment. Write it in code, or describe what you need and let AI generate it.
Enforce least privilege continuously.
Paladin
Our AI agent evaluates every request, approves what's safe on its own, escalates only what needs a human, and revokes access the moment it's no longer needed.
Use Cases
Identity governance for every access decision.
Apply identity controls across human users, AI agents, applications, and infrastructure from a single governance layer.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M 10.667 0 L 1.333 0 C 0.597 0 0 0.597 0 1.333 L 0 10.667 C 0 11.403 0.597 12 1.333 12 L 10.667 12 C 11.403 12 12 11.403 12 10.667 L 12 1.333 C 12 0.597 11.403 0 10.667 0 Z M 0 4 L 12 4 M 4 12 L 4 4" fill="transparent" height="12px" id="UY7lwBuEB" stroke-dasharray="" stroke-linecap="square" stroke-linejoin="miter" stroke-miterlimit="10" stroke-width="1.333" stroke="rgb(35, 41, 51)" transform="translate(2 2)" width="12px"/></svg>)
AI-Powered Access Reviews
Surface the riskiest access with explainable recommendations, so reviews stop being stamps.
Just-In-Time Access
Grant privileged access only when it's needed, and revoke it automatically when the work is done.
Access Intelligence
Ask who has access to what, and why, in plain English. Answers in seconds, not a quarterly report.
Security for AI Agents
Define what AI agents can see, access, and execute before they touch your systems.
Programmable Governance
Build access logic into workflows and approvals as version-controlled, testable code.
Passing a SOC 2 audit
Killing standing access
Rolling out AI agents
Recertifying access
Offboarding at scale
A wave of new hires
Responding to a breach
Onboarding contractors and vendors
Preparing for an IPO
A merger or acquisition
Built on a complete view of your environment.
Opal connects to 250+ systems across cloud, identity, SaaS, databases, and AI platforms to build a complete access graph and enforce governance where it matters.
Workday
Twingate
Tines
Terraform
Teleport
Tailscale
Snowflake
Slack
ServiceNow
Salesforce
RunReveal
Rootly
PagerDuty
Oracle Fusion Cloud
Opsgenie
OpenAI
Okta
Notion
Linear
LDAP
Jira SM
Jira
Internal Tools
incident.io
Google Workspace
Google Groups
GCP
Google Chat
GitLab
GitHub
GCP Project
GCP GKE
GCP Folder
GCP Compute
GCP Cloud SQL
GCP Bucket
Fresh Service
Entra ID
Email
Duo
Devin AI
Datastax Astra
Databricks
Cursor
Coupa
Azure VM
Azure SQL
Azure Blob Storage
Azure AD
AWS SSO
AWS IAM Role
Anthropic Platform
AWS
Amazon EKS
Amazon EC2
Amazon Aurora
Active Directory
