Skip to main content

Overview

DSALTA connects to Nebius AI Cloud using read-only IAM access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.
Read-only access. DSALTA never modifies, creates, or deletes resources in your Nebius tenant. The connection uses a Nebius service account to read tenant user accounts and inventory for identity, access, and asset monitoring.

How to Connect

Nebius connects with a service account and an authorized key — DSALTA generates the key for you, so no CLI is required. You’ll need tenant admin rights in the Nebius Console to set it up.
1

Check prerequisites

You need tenant admin rights in the Nebius Console to create a service account and upload an authorized key. The service account must be in the tenant admins or editors group — a viewer or auditor cannot read tenant user accounts.
2

Create the service account and upload the key

In the Nebius Console, create a service account and add it to the admins (or editors) group so DSALTA can read users. Then upload the public key that DSALTA provides as an authorized key on that service account — no CLI needed.
3

Enter your Nebius IDs

In the DSALTA sidebar, go to Integrations, find Nebius, and click Connect. In the secure window, paste your Tenant ID (starts with tenant-e00…), Service account ID (starts with serviceaccount-e00…), and the Public key ID shown in the Console after uploading the key (starts with publickey-e00…), then click Connect.
4

Validate and finish

DSALTA verifies the service account against Nebius IAM and completes the connection. It then runs an initial sync, after which the compliance checks below activate. The connection is durable — it never expires.

Automated Compliance Checks

Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

Troubleshooting

Reconnect from Integrations → Nebius → Reconnect. This usually happens if the authorized key was removed from the service account in the Nebius Console, or the service account was deleted or dropped from the admins/editors group. Re-upload the key or restore the group membership, then reconnect.
Confirm the service account is still in the tenant admins or editors group — a viewer or auditor cannot read tenant user accounts. Verify the Tenant ID, Service account ID, and Public key ID are correct and that the public key is still present as an authorized key, then trigger a manual sync from the integration settings.