Security Credentials

EPAM Orchestrator supports a solution that provides the safety of your account within EPAM Orchestration service and allows the managers to set up user permissions.

This topic contains the following sections:

Account Blocking

For security purpose, your account in EPAM Cloud will get blocked after four failing attempts to login to Orchestration. It will be automatically unblocked in 30 minutes, if no other login attempts are performed, and you will be able to try to log in again.

If your EPAM account also gets blocked and you unlock it with a request to Help Desk sooner than in 30 minutes, your Cloud account will still be inaccessible for you.

Registering in Orchestraion

Before you can start using the Orchestrator, you have to register your EPAM credentials. This is done via the or2-get-access(or2access) command that does not need any additional parameters: The command will prompt for you credentials, register them within the Orchestrator and create the file:


The credentials that the user enters according to the command request are checked for validity on Orchestrator side and a list of projects, available to the user, is drawn and stored in local Orchestrator storage.

You can run this command and provide the -s parameter to use your system credentials.

Passwords are never stored openly either on Orchestrator, or on Maestro CLI client side.

When the current Orchestrator session is finished, the specified credentials remain in the system and there is no need in registering on the next session start.

If you need to change the credentials for one reason or another, you have just to run the or2access once more.

Orchestrator allows Project Managers to customize user permissions to avoid any unwanted actions from specific project members and keep a better track of project infrastructure. Each project member is given access to a certain set of actions, depending on their current project role.

For more details on the user credentials and permissions, please see the Maestro CLI User Guide. Please pay special attention to section 1.3, Setting the Credentials.

User Roles and Permissions

By default, each project member is given access to a certain set of actions, depending on their current project role. We have created a generic Project role-mapping matrix that specifies the default permissions. If a user has several roles with a project, his default permissions will correspond to the role with the maximum permission level. However, there are cases when the default permission settings are not enough, and you need to set specific permissions for a separate user or a group of users having the same project role. In this case, Project Managers, Project Coordinators, Account Managers, and Delivery Managers can use the Manage Cloud wizard available on Cloud Dashboard