> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wandb.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Deployment options and security features

> Learn about Weave's deployment options, IAM management, and data security features.

Weave is available on the following deployment options:

* **[W\&B Multi-tenant Cloud](https://docs.wandb.ai/platform/hosting/hosting-options/multi_tenant_cloud):** A multi-tenant, fully-managed platform deployed in W\&B's Google Cloud Platform (Google Cloud) account in a North America region.
* **[W\&B Dedicated Cloud](https://docs.wandb.ai/platform/hosting/hosting-options/dedicated-cloud):** Generally available on AWS, Google Cloud, and Azure.
* **[Self-Managed instances](/weave/guides/platform/weave-self-managed):** For teams that prefer to host Weave independently, guidance is available from your W\&B team to evaluate deployment options.

## Identity and Access Management

Use the identity and access management capabilities for secure authentication and effective authorization in your [W\&B Organization](/platform/hosting/iam/org_team_struct#organization). The following capabilities are available for Weave users depending on your deployment option and [pricing plan](https://wandb.ai/site/pricing/):

* **Authenticate using Single-Sign On (SSO):** Options include public identity providers like Google and Github, as well as enterprise providers such as Okta, Azure Active Directory, and others, [using OIDC](/platform/hosting/iam/sso).
* **[Team-based logical separation](/platform/app/settings-page/teams):** Each team may correspond to a business unit, department, or project team within your organization.
* **Use W\&B projects to organize initiatives:** Organize initiatives within teams and configure the required [visibility scope](/platform/hosting/iam/access-management/restricted-projects), including the `restricted` scope for sensitive collaborations.
* **Role-based access control:** Configure access at the [team](/platform/hosting/iam/access-management/restricted-projects#assign-project-level-role-to-a-user) or [project](/platform/hosting/iam/access-management/restricted-projects#assign-project-level-role-to-a-user) level to ensure users access data on a need-to-know basis.
* **Scoped service accounts:** Automate Gen AI workflows using service accounts scoped to your organization or team.
* **[SCIM API and Python SDK](/platform/hosting/iam/automate_iam):** Manage users and teams efficiently with the SCIM API and the Python SDK.

## Data security

* **Multi-tenant Cloud:** Data for all Weave users is stored in a shared Clickhouse Cloud cluster, encrypted using cloud-native encryption. Shared compute services process the data, ensuring isolation through a security context comprising your W\&B organization, team, and project.

* **Dedicated Cloud:** Data is stored in a unique Clickhouse Cloud cluster in the cloud and region of your choice. A unique compute environment processes the data, with the following additional protections:
  * **[IP allowlisting](/platform/hosting/data-security/ip-allowlisting):** Authorize access to your instance from specific IP addresses. This is an optional capability.
  * **[Private connectivity](/platform/hosting/data-security/private-connectivity):** Route data securely through the cloud provider's private network. This is an optional capability.
  * **[Data encryption](/platform/hosting/data-security/data-encryption):** W\&B encrypts data at rest using a unique W\&B-managed encryption key.
  * **Clickhouse cluster security:** W\&B connects to the unique Clickhouse Cloud cluster for your Dedicated Cloud instance over the cloud provider's private network. W\&B also encrypts the cluster using a unique W\&B-managed encryption key, while leveraging Clickhouse's file level encryption.

<Warning>
  [The W\&B Platform secure storage connector or BYOB](/platform/hosting/data-security/secure-storage-connector) is not available for Weave.
</Warning>

## Maintenance

If you're using Weave on Multi-tenant Cloud or Dedicated Cloud, you avoid the overhead and costs of provisioning, operating, and maintaining the W\&B platform, as it is fully managed for you.

## Compliance

<Tip>
  To request SOC 2 reports and other security and compliance documents, refer to the [W\&B Security Portal](https://security.wandb.ai/) or contact your W\&B team for more information.
</Tip>

Security controls for both Multi-tenant Cloud and Dedicated Cloud are periodically audited internally and externally. Both platforms are SOC 2 Type II compliant. Additionally, Dedicated Cloud is HIPAA-compliant for organizations managing PHI data while building Generative AI applications.