IoT Security — Access Control & Audit Trail | Kilo

IoT Security

IoT security built on precise access control

Kilo grants access per surface, not per job title: every user gets Edit, View, or No access to each part of the platform, and an append-only audit trail records who changed what. Organizations stay completely isolated from each other.

Access Control

ABAC permissions per surface — not all-or-nothing roles

Attribute-based access control (ABAC) sets Edit, View, or No access on every product surface independently.

Dashboards, devices, rules, connectors, subscription, user management — each is its own permission. A deployment engineer gets Edit on devices and connectors but no access to billing. An operations manager edits dashboards and alerts while the rules engine stays view-only. A stakeholder sees everything and changes nothing.

There is no role selector to outgrow. You define exactly the access each person needs — and later adjust any single surface without touching the rest.


Roles & Ownership

IoT access control: role labels computed from real permissions

Admin, Editor, and Viewer are labels Kilo derives from a user’s actual permission set. When the permissions match a pattern, the label shows; when they don’t, the table lists the individual surfaces instead. Nothing hides behind a role name.

01

Owner

Exactly one per organization. Ownership is a property of the organization itself, grants automatic access everywhere, and changes hands only through an explicit transfer the new owner must accept.

02

Admin

Edit access across all surfaces, including Subscription and user management. The audit trail stays read-only — for admins and the owner alike.

03

Editor

Edit on the operational surfaces — dashboards, devices, rules — with no access to Subscription or user management.

04

Viewer

View on most surfaces: full visibility into the deployment without the ability to change anything.
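The label derivation described above, as an added illustration that is not Kilo's own code: a permission set maps each surface to Edit, View or No access, a label is shown only when the set matches a pattern, and otherwise the individual surfaces are listed. The surface names, the exact patterns behind each label and the `allowed` check are assumptions made for the example.

```python
from enum import Enum

class Access(str, Enum):
    EDIT = "edit"
    VIEW = "view"
    NONE = "none"

# Assumed surface split: operational surfaces vs. the two admin-only ones.
OPERATIONAL = ("dashboards", "devices", "rules", "connectors")
ADMIN_ONLY = ("subscription", "users")
SURFACES = OPERATIONAL + ADMIN_ONLY

def normalize(perms):
    """Fill in every surface; a surface missing from the set is No access (fail closed)."""
    return {s: Access(perms.get(s, Access.NONE)) for s in SURFACES}

def derive_label(perms):
    """Return a role label when the set matches a pattern, else list the
    surfaces that grant anything. Patterns are assumptions, not Kilo's rules."""
    p = normalize(perms)
    if all(p[s] is Access.EDIT for s in SURFACES):
        return "Admin"
    if (all(p[s] is Access.EDIT for s in OPERATIONAL)
            and all(p[s] is Access.NONE for s in ADMIN_ONLY)):
        return "Editor"
    if (all(p[s] is Access.VIEW for s in OPERATIONAL)
            and not any(p[s] is Access.EDIT for s in SURFACES)):
        return "Viewer"
    granted = [f"{s}: {p[s].value}" for s in SURFACES if p[s] is not Access.NONE]
    return ", ".join(granted) or "No access"

def allowed(perms, surface, action):
    """Authorization check: 'view' is satisfied by View or Edit, 'edit' only
    by Edit. Unknown surfaces and unknown actions are denied."""
    if surface not in SURFACES or action not in ("view", "edit"):
        return False
    level = normalize(perms)[surface]
    if action == "edit":
        return level is Access.EDIT
    return level in (Access.VIEW, Access.EDIT)
```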

Organizations

Organizations keep every IoT deployment isolated

Devices, dashboards, members, permissions, audit history — everything in Kilo is scoped to one organization. What happens inside one organization is invisible to every other.

One account can still belong to several organizations: Owner of your own, Editor in a partner’s, Viewer in a test environment. Switching context takes one click — and your permissions change with it.

Invitations carry permissions

Access is defined before anyone enters: you set every surface in the invitation itself. Invites go only to existing Kilo accounts, stay valid for 7 days, and can be revoked at any time.

Isolation by default

Each organization has its own members and its own permission set. The same person can hold completely different access in different organizations.

Switching without logging out

The My organizations list shows every membership, with a checkmark on the active one. Your last selection is remembered the next time you sign in.

Accountability

IoT security you can prove: audit trail and API keys

Controlling who gets in is half the job — the other half is showing exactly what happened afterwards.

Append-only audit trail

Every membership and permission event is recorded: who invited whom, who accepted, who was removed — and permission changes include the before-and-after difference showing exactly what changed. The log is read-only for everyone, including the owner: no access path can edit or delete it.

  • Before/after diff on every permission change
  • Read-only for all users — owner included
  • Filter by actor, event type, and date range
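An added example, not code from Kilo, of the audit-trail behaviour listed above: entries can only be appended and read through the API, each entry is frozen once stored, a permission change carries the before/after diff, and the log can be filtered by actor, event type and date range. Event names, entry fields and the sample events are constructed for the example; durable append-only guarantees still depend on the storage layer, which this in-memory class does not model.

```python
from datetime import datetime, timezone
from types import MappingProxyType

NO_ACCESS = "none"

def permission_diff(before, after):
    """Only the surfaces whose level changed, as surface -> (old, new).
    A surface absent from a set counts as No access."""
    changed = {}
    for surface in sorted(set(before) | set(after)):
        old, new = before.get(surface, NO_ACCESS), after.get(surface, NO_ACCESS)
        if old != new:
            changed[surface] = (old, new)
    return changed

class AuditTrail:
    """Append-only log: the public API adds and reads entries, never edits or
    deletes them. Each stored entry is a read-only mapping."""
    def __init__(self):
        self._entries = []

    def record(self, at, actor, event, target, **details):
        entry = MappingProxyType({"seq": len(self._entries) + 1, "at": at, "actor": actor,
                                  "event": event, "target": target, **details})
        self._entries.append(entry)
        return entry["seq"]   # sequence number of the new entry

    def record_permission_change(self, at, actor, target, before, after):
        # The diff is what lets a reviewer see exactly what changed.
        return self.record(at, actor, "permissions.changed", target,
                           diff=permission_diff(before, after))

    def entries(self, actor=None, event=None, since=None, until=None):
        """Filter by actor, event type and date range; returns a fresh list."""
        return [e for e in self._entries
                if (actor is None or e["actor"] == actor)
                and (event is None or e["event"] == event)
                and (since is None or e["at"] >= since)
                and (until is None or e["at"] <= until)]

def demo_trail():
    """Constructed sample: an invitation, its acceptance and one permission change."""
    trail = AuditTrail()
    day = lambda d: datetime(2024, 5, d, tzinfo=timezone.utc)
    trail.record(day(1), "owner@example.test", "member.invited", "eng@example.test")
    trail.record(day(2), "eng@example.test", "invite.accepted", "eng@example.test")
    trail.record_permission_change(day(3), "owner@example.test", "eng@example.test",
                                   before={"devices": "view", "connectors": "none"},
                                   after={"devices": "edit", "connectors": "edit", "dashboards": "view"})
    return trail
```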

Scoped API keys

Programmatic access follows the same discipline. Each key carries only the scopes its integration needs — read or write, per resource — with an optional expiry date. The full key value is shown exactly once.

  • Rotate: a new value is issued, the old key stops instantly
  • Revoke permanently — the key stays visible for history
  • Key prefix and last-used timestamp in the table

Kilo On-Premise

The same server, self-hosted on your own infrastructure — your devices, data, and access control stay inside your network.


FAQ

IoT security FAQ

How is Kilo’s access control different from fixed roles?

Kilo uses attribute-based access control (ABAC): every product surface — dashboards, devices, rules, connectors, and more — is set to Edit, View, or No access independently. Admin, Editor, and Viewer are computed labels derived from the actual permission set; custom combinations simply display the individual surface names.

Can one account belong to several organizations?

Yes. A single account can be Owner in one organization, Editor in another, and Viewer in a third. Switching happens from the My organizations list in one click, the interface adopts the new context immediately, and the organizations themselves remain fully isolated from each other.

What does the audit trail record?

Membership and permission events: invitations sent and accepted, permission changes — including the before-and-after difference — and user removals. The log is append-only and read-only for every user, including the organization owner; no one can edit or delete entries.

What happens if an API key is compromised?

Rotate it — a new value is issued and the old key stops authenticating immediately — or revoke it permanently. Because each key is scoped to only the permissions its integration needs, the impact stays contained, and rotated or revoked keys remain visible in the table for a complete history.

Access control your whole team can live with

Start free with 5 devices — invite your team with exactly the permissions each person needs, and see every change in the audit trail.