Identity and Access Management (IAM) is an important aspect of information security. The deployment of cloud computing (CC) and cloud-based computing (CbC) creates a complex information security scenario involving multiple global stakeholders and geographically dispersed infrastructures. Therefore, implementing IAM in CC/CbC requires the consideration and consolidation of multiple factors. A trust-based approach towards information security may not be a credible option for the CC/CbC environment as trust-based relationships among different architectural elements and including human beings may pose an additional security threat to the cloud space. In this paper, we propose a zero-trust framework for federated IAM in CC/CbC. The proposed framework incorporates a decentralised approach towards IAM that aims to minimise any single entity’s controlling power over the digital assets in the CC/CbC space. The critical component of the proposed framework is the decentralised audit log.