Cloud Security Principles

All access to service interfaces should be constrained to authenticated and authorised individuals.

NCSC - Identity and Authentication

Access to the service infrastructure is limited to authorised staff who require access for a specific documented purpose. There's more information in the Secure Service Administration section. Users have no direct access to the service infrastructure.

Access to the service management interface (iCM) is performed via HTTPS, can be federated with an existing identity provider, may be restricted to certain IP addresses, and requires a username and password with complexity rules you define.