Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a cloud-based security module from a client-side array services module, user credentials; authenticating, by the cloud-based security module, the user credentials; identifying, by the cloud-based security module, authorized access privileges defining one or more storage array services accessible by the user; generating, by the cloud-based security module, a token representing the authentication of the user credentials and the authorized access privileges; and providing, by the cloud-based security module to the client-side array services module, the token.