Modernizing governance on HCP with multi-owner and global automation

Learn how HCP’s multi-owner support and org-level role assignments for service principals remove admin bottlenecks to enable resilient, zero trust automation.

As enterprises scale their infrastructure on the HashiCorp Cloud Platform (HCP), platform teams face the challenge of maintaining security without slowing down developer velocity. Managing a sprawling infrastructure requires identity systems that are robust enough to handle non-human scale while remaining resilient against human operational risks.

Today, we are announcing two key enhancements to HCP access control:

  • Multiple organization owners
  • Organization-level role assignments for project service principals

These features ensure that no human process is a single point of failure, and no automated process relies on high-risk, static credentials.

In this post, we will cover how these updates provide operational continuity, enable secure automation via workload identity federation (WIF), and support your transition to a zero trust security model.

Improve resilience with multiple organization owners

For many organizations, the organization owner role is the most sensitive identity within their HCP estate. This role manages billing, top-level IAM policies, and organization deletion.

Historically, relying on a single owner created a "bus factor" risk. If that individual left the company or was locked out of their account, critical administrative tasks could stop, often requiring a manual support ticket to resolve. By supporting multiple organization owners, enterprises can now distribute this responsibility among trusted individuals.

This update provides several enterprise-ready benefits:

  • Operational continuity: It ensures that critical platform changes can always be authorized, regardless of an individual's availability.

  • Regulatory compliance: Support for multiple owners helps organizations meet stringent audit standards — such as SOC 2 Type II logical access requirements, NIST SP 800-53 (Control AC-5) for separation of duties, and HIPAA administrative safeguards — by providing the administrative redundancy necessary to prevent a single point of compromise.

  • Seamless offboarding: It allows for the transition of power during restructuring without the risk of an orphaned organization.

To maintain a model of least privilege, we have implemented a quota that defaults to three owners per organization. This nudges administrators to use more fine-grained roles whenever possible rather than over-provisioning high-level access.

Scale global automation using project service principals

The gold standard for secure authentication in a hybrid cloud workflow is WIF, which exchanges short-lived tokens from external providers for HCP access, eliminating the need for static, long-lived credentials.

Previously, WIF was exclusive to project-level service principals, but organizational management tasks — such as creating new projects or managing groups — required roles assigned at the organization level. This forced security-conscious teams to choose between using WIF for scoped tasks or broad, static keys for global automation.

We have resolved this friction by enabling organization-level role assignments for project service principals.

A platform engineer can now create a service principal within a project, authenticate it via WIF, and grant it specific organization-level permissions like roles/projects.creator or roles/groups.manager. This approach allows for end-to-end automation of the HCP environment while adhering to the principle of least privilege.
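To make the pattern concrete, here is an added illustration (not code from this post or from HashiCorp) of how a WIF-backed project service principal with organization-level bindings might be declared with the HCP Terraform provider. It assumes the provider's hcp_service_principal, hcp_iam_workload_identity_provider and hcp_organization_iam_binding resources and their attributes as documented for that provider, and the project ID, AWS account ID and IAM role name are placeholders.

```hcl
# Added example, not from the post. Resource and attribute names follow the HCP
# Terraform provider as documented; verify against the current provider docs.

# A project-scoped service principal that will carry organization-level roles.
resource "hcp_service_principal" "automation" {
  name   = "org-automation"
  parent = "project/PLACEHOLDER_PROJECT_ID" # placeholder project resource name
}

# Workload identity federation: the principal is assumed with short-lived AWS
# STS credentials. No hcp_service_principal_key is created, so there is no
# static client secret to store, rotate, or leak.
resource "hcp_iam_workload_identity_provider" "aws" {
  name              = "aws-automation"
  service_principal = hcp_service_principal.automation.resource_name
  description       = "Allow the hcp-automation role in the placeholder AWS account to act as org-automation"

  aws = {
    account_id = "123456789012" # placeholder account ID
  }

  # Only the named IAM role in that account may federate, not any identity in it.
  conditional_access = "aws.arn == \"arn:aws:sts::123456789012:assumed-role/hcp-automation\""
}

# Organization-level role assignments on the project service principal (the
# capability announced above). Bind the narrow roles the post names rather than
# a broad owner-level role.
resource "hcp_organization_iam_binding" "projects_creator" {
  principal_id = hcp_service_principal.automation.resource_id
  role         = "roles/projects.creator"
}

resource "hcp_organization_iam_binding" "groups_manager" {
  principal_id = hcp_service_principal.automation.resource_id
  role         = "roles/groups.manager"
}
```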

Build for an agentic future

These foundational updates to HCP access control are designed to support the emerging shift toward agentic workflows. As AI agents begin to perform more operational tasks as digital team members, the underlying identity system must handle non-human identities at a scale that surpasses human capacity.

By removing administrative bottlenecks and fortifying our automation hooks, we are helping enterprises build a resilient platform that is ready for the next level of innovation.

Next steps
