---
title: "Authz Control Point"
description: "Runtime authorization for Kubernetes and cloud services using Kyverno AuthZ — in private preview."
diataxis: explanation
applies_to:
  product: "kyverno"
audience: ["platform-engineer"]
last_updated: 2026-04-16
url: https://docs.nirmata.io/docs/controllers/authorization-service/
---


> **In Private Preview** — This feature is available to select customers. [Contact us to learn more](https://nirmata.com/request-a-demo/).

## Overview

The Nirmata Authorization Service provides runtime, identity-aware authorization for Kubernetes and cloud services, built on Kyverno AuthZ. It enables policy-driven access control decisions with full audit trails — going beyond admission control to govern every API call in real time.

## What's Included

- **Identity-aware authorization** — decisions based on user identity, group membership, and contextual attributes
- **Kyverno AuthZ integration** — leverage your existing Kyverno policies for runtime authorization
- **Kubernetes SubjectAccessReview webhook** — drop-in replacement for standard RBAC with policy-enriched decisions
- **Full audit trail** — every authorization decision logged with policy context
- **Exception handling** — manage authorization exceptions through Nirmata Control Hub
- **Integration with external identity providers** — OIDC, SAML, and cloud IAM support

## Get Access

The Authorization Service is currently available in private preview for select customers.

[Contact Us to Learn More →](https://nirmata.com/request-a-demo/)