Security Architecture
Overview
Hydra can be configured to follow a least-privilege, service-principal-based security model to perform all actions within your Azure environment. This model ensures that all activity initiated by Hydra, whether provisioning resources, querying telemetry, or managing identities, is scoped, auditable, and isolated per tenant.
Service Principal-Based Authorization
At the core of Hydra’s operation is a dedicated Azure Service Principal. This identity is granted limited, role-based permissions within the customer’s Azure subscription or resource group. All provisioning and management operations (e.g., creating session hosts, assigning users, querying host pool status) are performed on behalf of this service principal, ensuring a consistent and secure execution context.
Key characteristics:
The service principal is created during onboarding and is explicitly permission-scoped via a custom role or the built-in Azure Contributor role.
Access is auditable via Azure Activity Logs and Microsoft Graph.
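One way to verify that scoping from the customer side, as an added example that is not part of Hydra: the script below checks role assignments exported with `az role assignment list --assignee <appId> --all -o json` against the model described above. The sample data, the expected-subscription check and the list of roles treated as out of policy are assumptions of this example.

```python
# Added example: audit a service principal's Azure RBAC assignments.
# Roles that can grant access to others; treating them as out of policy
# is an assumption of this example.
GRANTING_ROLES = {"Owner", "User Access Administrator",
                  "Role Based Access Control Administrator"}

def scope_level(scope):
    """Classify an Azure RBAC scope string by how broad it is."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[0] == "providers" and "managementgroups" in parts:
        return "management_group"
    if parts[0] == "subscriptions" and len(parts) >= 2:
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and parts[2] == "resourcegroups":
            return "resource_group"
        return "resource"
    return "unknown"

def audit_assignments(assignments, expected_subscription):
    """Return (scope, role, reason) for each assignment outside the model."""
    findings = []
    for a in assignments:
        scope, role = a["scope"], a["roleDefinitionName"]
        if scope_level(scope) in ("root", "management_group", "unknown"):
            findings.append((scope, role, "scope not within a subscription"))
        elif scope.strip("/").split("/")[1].lower() != expected_subscription.lower():
            findings.append((scope, role, "outside expected subscription"))
        if role in GRANTING_ROLES:
            findings.append((scope, role, "role can grant access"))
    return findings

# Constructed sample, shaped like `az role assignment list --all -o json`.
SUB = "11111111-1111-1111-1111-111111111111"  # placeholder subscription id
SAMPLE = [
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}/resourceGroups/rg-avd"},
    {"roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}/resourceGroups/rg-avd"},
    {"roleDefinitionName": "Contributor", "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
    {"roleDefinitionName": "Contributor", "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
]

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, SUB):
        print(finding)
```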
Multi-Tenant Security Model
Hydra supports logical multi-tenancy by isolating tenant configuration, access, and resource scope through both platform-layer enforcement and Azure RBAC boundaries.
Each tenant is associated with its own service principal credentials, which define that tenant’s level of access to Azure resources.
Hydra enforces tenant isolation and grouping at the control plane, ensuring no cross-tenant visibility of configurations, metadata, or automation workflows.
Administrators can manage multiple tenants via a shared UI, but all actions are executed in the context of the target tenant’s service principal. The specific admin actions are separately logged in Hydra’s own database.
This model allows managed service providers (MSPs), large enterprises, or distributed IT teams to operate securely across multiple environments from a centralized control plane.
Additional Security Measures and Notes
Private Endpoint deployments are supported to further reduce the exposed surface area in production environments.
The database can be restricted to Entra-only authentication, with access through the Hydra identity (the default configuration for new deployments after 06/2025 or v1.1.1.08).
Hydra permanently logs all admin actions into the SQL database’s Actions table. The Web UI also provides the previous 14 days of logs for quick access.