In Parts 1 and 2, we covered two of our go-to Marketplace solutions: Application Reports for fast insights into system setup, and OneStream Diagnostics for staying ahead of system health issues. Now, in the final part of our Marketplace Musts series, we are looking at a tool that gives admins real control over their cloud environments: the Cloud Administration Tool (CAT).

As more organizations move to the cloud, admins need tools that let them work quickly and independently. That is exactly where CAT comes in, simplifying key tasks like managing applications and securing your key vault, without having to wait Support to get to your ticket.
Key Features and Benefits
Application Management
CAT makes it easy to manage OneStream applications in your Azure cloud environment:
- Create and clone applications – Copy existing applications to spin up new Dev/Test environments.
- Replace applications – Overwrite an existing app with an updated version from another environment.
- Remove unused applications – Free up valuable storage by removing apps you no longer need.
- Full audit history – View detailed logs of application changes, including user actions and timestamps.
Why this matters: These capabilities enable faster development cycles, easier testing, and cleaner governance of your OneStream environments—all without needing external support.
It really is as simple as making the following selections and only takes minutes to spin up a new application!
Source
Select your Source Environment and Application Name. Note: you mustbe in the Environment you are copying to.
Target
Select your Target Environment and Application Name or select Create New Application in the case of a new one.
Application Properties
Name your Application, if you want to keep the existing name just type the name of the Target Application here. I recommend setting Enable Scheduled Tasks to No unless you want your automated tasks to run.
Database Properties
Enable database reindexing rebuilds indexes during maintenance windows which will increase maintenance times. It is recommended only to do this on business-critical applications, so I set this to No for development copies.
Copying Across Environments
Two things to be cognizant of when copying across two different Environments are security and OneStream versions.
Security is set by Environment and user IDs are stored in the background. While it may look like you have the same users in both Environments the user numbers will be different if they were manually added to both.
To ensure the security is in sync you can extract the Security File with Unique IDs and load into your other Environment. If desired– you can also select specific users if not all users should be set up. If you are using your copy for development or testing only this step may not be necessary.
You also will want to ensure you are making copies into the same version of OneStream – if your Environments are on different versions you will need to sync before making a copy across them.
Key Management
CAT also provides direct access to manage your Azure Key Vault integration:
- Bring Your Own Key (BYOK) – Upload and manage your organization’s encryption keys in Azure.
- Certificates & Secrets (for Platform 8.0+ users) – Securely manage certificates and sensitive credentials, such as API keys or connection strings, directly within OneStream.
Why this matters: By managing your own keys, certificates, and secrets, you reduce your risk of service disruptions and tighten control over sensitive application integrations and data security.
Bonus Features
- Manual IIS Reset: Trigger application server resets directly from the dashboard to free up system memory or resolve application issues.
- Home Dashboard with Application Status: Get an at-a-glance view of history of application copies by user so you always know when the last copy was made.
When We Deploy It
We roll out Cloud Administration Tool as part of every cloud-based OneStream project to ensure client admins have full control from day one. Whether they are cloning an environment for UAT or managing encryption keys for compliance, CAT is the tool that makes it possible—fast and securely.
Pro Tip: Pair CAT with a Clear Governance Plan
While CAT gives admins direct control over sensitive actions like application cloning and key management, it is crucial to pair this tool with strong governance policies. We recommend:
- Limiting CAT access to your most experienced administrators.
- Documenting standard operating procedures (SOPs) for application cloning, environment removal, and key management.
- Scheduling periodic reviews of who has access to CAT.
By combining CAT with disciplined governance, you will maximize both security and operational efficiency in your cloud environment.
Why It Matters
CAT gives OneStream admins the tools they need to manage applications and security in a cloud-first world without bottlenecks or extra steps. By giving your team direct access to these critical tasks, CAT improves agility, strengthens governance, and simplifies ongoing maintenance of your OneStream cloud environment.
Series Wrap-Up
With Application Reports, System Diagnostics, and the Cloud Administration Tool, you are set up for smoother, more efficient OneStream implementations. These are the core tools we count on every single time to deliver faster and more reliable results.