IoT Security
IoT security built on precise access control
Kilo grants access per surface, not per job title: every user gets Edit, View, or No access to each part of the platform, and an append-only audit trail records who changed what. Organizations stay completely isolated from each other.
Access Control
ABAC permissions per surface — not all-or-nothing roles
Attribute-based access control (ABAC) sets Edit, View, or No access on every product surface independently.
Dashboards, devices, rules, connectors, subscription, user management — each is its own permission. A deployment engineer gets Edit on devices and connectors but no access to billing. An operations manager edits dashboards and alerts while the rules engine stays view-only. A stakeholder sees everything and changes nothing.
There is no role selector to outgrow. You define exactly the access each person needs — and later adjust any single surface without touching the rest.
Roles & Ownership
IoT access control: role labels computed from real permissions
Admin, Editor, and Viewer are labels Kilo derives from a user’s actual permission set. When the permissions match a pattern, the label shows; when they don’t, the table lists the individual surfaces instead. Nothing hides behind a role name.
Owner
Exactly one per organization. Ownership is a property of the organization itself, grants automatic access everywhere, and changes hands only through an explicit transfer the new owner must accept.
Admin
Edit access across all surfaces, including Subscription and user management. The audit trail stays read-only — for admins and the owner alike.
Editor
Edit on the operational surfaces — dashboards, devices, rules — with no access to Subscription or user management.
Viewer
View on most surfaces: full visibility into the deployment without the ability to change anything.
Organizations
Organizations keep every IoT deployment isolated
Devices, dashboards, members, permissions, audit history — everything in Kilo is scoped to one organization. What happens inside one organization is invisible to every other.
One account can still belong to several organizations: Owner of your own, Editor in a partner’s, Viewer in a test environment. Switching context takes one click — and your permissions change with it.
Invitations carry permissions
Access is defined before anyone enters: you set every surface in the invitation itself. Invites go only to existing Kilo accounts, stay valid for 7 days, and can be revoked at any time.
Isolation by default
Each organization has its own members and its own permission set. The same person can hold completely different access in different organizations.
Switching without logging out
The My organizations list shows every membership, with a checkmark on the active one. Your last selection is remembered the next time you sign in.
Accountability
IoT security you can prove: audit trail and API keys
Controlling who gets in is half the job — the other half is showing exactly what happened afterwards.
Append-only audit trail
Every membership and permission event is recorded: who invited whom, who accepted, who was removed. Permission changes are logged with a before-and-after diff of exactly the surfaces that changed. The log is read-only for everyone, including the owner: no access path can edit or delete it.
- Before/after diff on every permission change
- Read-only for all users — owner included
- Filter by actor, event type, and date range
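To make the model concrete, here is an added illustration (not Kilo's code) of the two mechanisms described above: per-surface Edit/View/No access with Admin, Editor and Viewer computed from the permission set rather than stored as roles, and an append-only audit trail whose permission-change entries carry only the surfaces that actually changed. The surface names, the exact patterns behind the three labels, and the audit entry layout are assumptions for the example.

```python
# Added example (not Kilo's code) of the permission model the page describes:
# one access level per surface, role labels computed from the permission set,
# and an append-only audit trail with before/after diffs. Surface names and
# the exact label patterns are assumptions.
import copy
import time
from enum import Enum


class Access(str, Enum):
    EDIT = "edit"
    VIEW = "view"
    NONE = "none"


SURFACES = ("dashboards", "devices", "rules", "connectors",
            "subscription", "user_management")        # assumed surface list


def permission_set(**levels):
    """One access level per surface; anything not named gets no access."""
    unknown = set(levels) - set(SURFACES)
    if unknown:
        raise ValueError(f"unknown surfaces: {sorted(unknown)}")
    return {s: Access(levels.get(s, Access.NONE)) for s in SURFACES}


# Assumed patterns behind the three labels (the page names them, not the rules).
OPERATIONAL = ("dashboards", "devices", "rules")
PATTERNS = {
    "Admin": {s: Access.EDIT for s in SURFACES},
    "Editor": {s: (Access.EDIT if s in OPERATIONAL else Access.NONE) for s in SURFACES},
    "Viewer": {s: Access.VIEW for s in SURFACES},
}


def role_label(perms):
    """A label only when the whole set matches a pattern; otherwise the
    individual surfaces, so nothing hides behind a role name."""
    for label, pattern in PATTERNS.items():
        if perms == pattern:
            return label
    return ", ".join(f"{s}:{perms[s].value}" for s in SURFACES
                     if perms[s] is not Access.NONE)


def permission_diff(before, after):
    """Before/after values for exactly the surfaces that changed."""
    return {s: (before[s].value, after[s].value)
            for s in SURFACES if before[s] != after[s]}


class AuditTrail:
    """Append-only: the only write path is record(); reads return copies."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._events = []

    def record(self, actor, event, **details):
        entry = {"seq": len(self._events) + 1, "at": self._clock(),
                 "actor": actor, "event": event, **details}
        self._events.append(entry)
        return copy.deepcopy(entry)

    def events(self, actor=None, event=None, since=None, until=None):
        """Filter by actor, event type and date range without exposing the list."""
        return [copy.deepcopy(e) for e in self._events
                if (actor is None or e["actor"] == actor)
                and (event is None or e["event"] == event)
                and (since is None or e["at"] >= since)
                and (until is None or e["at"] <= until)]


def change_permissions(trail, actor, subject, before, after):
    """Apply a permission change and log only what actually changed."""
    diff = permission_diff(before, after)
    if diff:
        trail.record(actor, "permission_changed", subject=subject, diff=diff)
    return diff


if __name__ == "__main__":
    trail = AuditTrail()
    engineer = permission_set(devices="edit", connectors="edit", dashboards="view")
    print(role_label(engineer))                      # surfaces listed, no label
    promoted = permission_set(devices="edit", connectors="edit", dashboards="edit")
    print(change_permissions(trail, "owner", "engineer", engineer, promoted))
    print(role_label(permission_set(**{s: "edit" for s in SURFACES})))   # Admin
```

The point of deriving the label at read time is that there is nothing to get out of sync: granting a deployment engineer Edit on connectors does not silently make them an Editor, and removing one surface from an Admin drops the label and shows the real list. The audit class has no method that edits or deletes an entry, and `events()` hands back copies, so even the code path used by the owner cannot rewrite history.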
Scoped API keys
Programmatic access follows the same discipline. Each key carries only the scopes its integration needs — read or write, per resource — with an optional expiry date. The full key value is shown exactly once.
- Rotate: a new value is issued, the old key stops instantly
- Revoke permanently — the key stays visible for history
- Key prefix and last-used timestamp in the table
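The same discipline, as an added example that is not Kilo's implementation: keys whose full value is returned exactly once, stored only as a hash, checked against exact per-resource read/write scopes and an optional expiry, with rotation that invalidates the old value at once and revocation that keeps the record in the table. The key format, the `resource:action` scope syntax and the table columns are assumptions.

```python
# Added example (not Kilo's code) of scoped API keys with show-once values,
# hashed storage, rotation and revocation. Key format and scope syntax are
# assumptions made for the illustration.
import hashlib
import secrets
import time

PREFIX_LEN = 8   # assumed: enough to identify a key in a table, not to use it


def _digest(full_key):
    # Store and look up only the hash; a leaked table does not leak usable keys.
    return hashlib.sha256(full_key.encode()).hexdigest()


class ApiKeyStore:
    """Scoped API keys: the full value exists only in the return value of
    create() or rotate(); afterwards only a digest and a prefix remain."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}       # key id -> record (kept forever, for history)
        self._by_digest = {}     # sha256(full key) -> key id, active keys only

    def create(self, name, scopes, expires_at=None):
        full_key = "kk_" + secrets.token_urlsafe(32)   # assumed key format
        key_id = secrets.token_hex(4)
        self._records[key_id] = {
            "name": name, "prefix": full_key[:PREFIX_LEN],
            "scopes": frozenset(scopes), "expires_at": expires_at,
            "created_at": self._clock(), "last_used_at": None,
            "status": "active", "replaced_by": None,
        }
        self._by_digest[_digest(full_key)] = key_id
        return key_id, full_key        # the only time full_key is available

    def _deactivate(self, key_id, status):
        rec = self._records[key_id]
        if rec["status"] != "active":
            raise ValueError(f"key {key_id} is already {rec['status']}")
        rec["status"] = status
        # Drop the digest so the old value stops authenticating immediately.
        for digest, kid in list(self._by_digest.items()):
            if kid == key_id:
                del self._by_digest[digest]
        return rec

    def rotate(self, key_id):
        """New value with the same name, scopes and expiry; old key stops at once."""
        old = self._deactivate(key_id, "rotated")
        new_id, full_key = self.create(old["name"], old["scopes"], old["expires_at"])
        old["replaced_by"] = new_id
        return new_id, full_key

    def revoke(self, key_id):
        """Permanent; the record stays in table() for history."""
        self._deactivate(key_id, "revoked")

    def authorize(self, full_key, resource, action):
        """(allowed, reason). Scopes are exact 'resource:read' / 'resource:write'."""
        key_id = self._by_digest.get(_digest(full_key))
        if key_id is None:
            return False, "unknown, rotated or revoked key"
        rec = self._records[key_id]
        now = self._clock()
        if rec["expires_at"] is not None and now >= rec["expires_at"]:
            return False, "expired"
        if f"{resource}:{action}" not in rec["scopes"]:
            return False, f"scope {resource}:{action} not granted"
        rec["last_used_at"] = now
        return True, "ok"

    def table(self):
        """What an admin sees: prefix, status and last use, never the key."""
        return [{"id": k, "name": r["name"], "prefix": r["prefix"],
                 "status": r["status"], "last_used_at": r["last_used_at"],
                 "replaced_by": r["replaced_by"]}
                for k, r in self._records.items()]


if __name__ == "__main__":
    store = ApiKeyStore()
    kid, key = store.create("ingest", {"devices:read", "devices:write"})
    print(store.authorize(key, "devices", "write"))        # (True, 'ok')
    print(store.authorize(key, "subscription", "read"))    # scope not granted
    new_id, new_key = store.rotate(kid)
    print(store.authorize(key, "devices", "read"))         # old value rejected
    print(store.table())                                   # both keys listed
```

Two details carry the security weight. Rotation removes the old digest before the new key is created, so there is no window in which both values work, and a compromised key that has only `devices:*` scopes cannot reach subscription or user-management endpoints no matter what the caller tries. Revoked and rotated records are never deleted, which is what lets the `last_used_at` column answer the question an incident responder asks first: was this key used after it leaked?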
Kilo On-Premise
The same server, self-hosted on your own infrastructure — your devices, data, and access control stay inside your network.
FAQ
IoT security FAQ
How is Kilo’s access control different from fixed roles?
Kilo uses attribute-based access control (ABAC): every product surface — dashboards, devices, rules, connectors, and more — is set to Edit, View, or No access independently. Admin, Editor, and Viewer are computed labels derived from the actual permission set; custom combinations simply display the individual surface names.
Can one account belong to several organizations?
Yes. A single account can be Owner in one organization, Editor in another, and Viewer in a third. Switching happens from the My organizations list in one click, the interface adopts the new context immediately, and the organizations themselves remain fully isolated from each other.
What does the audit trail record?
Membership and permission events: invitations sent and accepted, permission changes — including the before-and-after difference — and user removals. The log is append-only and read-only for every user, including the organization owner; no one can edit or delete entries.
What happens if an API key is compromised?
Rotate it — a new value is issued and the old key stops authenticating immediately — or revoke it permanently. Because each key is scoped to only the permissions its integration needs, the impact stays contained, and rotated or revoked keys remain visible in the table for a complete history.
Access control your whole team can live with
Start free with 5 devices — invite your team with exactly the permissions each person needs, and see every change in the audit trail.