检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Service Overview What Is IAM Identity Center? Application Scenarios Notes and Constraints Permissions Concepts 04 APIs Use diverse APIs provided by IAM Identity Center to manage instances, permission sets, account assignments, and users.
Obtaining Information About Account, IAM User, Group, Project, Region, and Agency Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
IAM Identity Center Resetting If you no longer need to use IAM Identity Center, intend to enable IAM Identity Center in a different region, or intend to create a new configuration from scratch, you can delete all data configured in IAM Identity Center.
What Is IAM Identity Center? Introduction IAM Identity Center helps you centrally manage your workforce identities and their access to multiple Huawei Cloud accounts.
Logging In as an IAM Identity Center User and Accessing Resources After associating member accounts of an organization with an IAM Identity Center user and permission sets, you can use the IAM Identity Center username and password to log in to the console through the user portal URL
Logging In as an IAM Identity Center User and Accessing Resources You can use an IAM Identity Center username and password to log in to the management console through the user portal URL.
Creating IAM Custom Policies for IAM Identity Center You can create custom policies to supplement the system-defined policies of IAM Identity Center. To create a custom policy, choose either visual editor or JSON.
Creating a User and Granting IAM Identity Center Permissions You can use Identity and Access Management (IAM) for fine-grained permissions control for your IAM Identity Center. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Concepts IAM Identity Center User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
Okta IAM Identity Center supports automatic provisioning (synchronization) of user and group information from Okta into IAM Identity Center using the SCIM v2.0 protocol.
The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
The group name must be unique in IAM Identity Center. (Optional) Select users to be added to this group. Click OK. An IAM Identity Center group is created and displayed in the group list. Parent topic: Group Management
Adding Users to or Removing Users from a Group After an IAM Identity Center user is added to or removed from a specific IAM Identity Center group, the user gains or loses the permissions of that group. This way, you can change the user's permissions quickly.
Deleting a User You can delete an IAM Identity Center user that is no longer needed. Deleting an IAM Identity Center user deletes all information about the user and revokes its access permissions. Deleted users cannot be restored. Exercise caution when performing this operation.
Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
Managing Certificates IAM Identity Center uses certificates to set up a SAML trust relationship between IAM Identity Center and your external identity provider.
Listing Instances Function This API is used to query the instance list of IAM Identity Center.
Table 1 Quotas for IAM Identity Center Item Default Quota Adjustable Number of users that can be created in IAM Identity Center 100,000 Yes Number of groups that can be created in IAM Identity Center 100,000 Yes Number of users in a group Unlimited - Number of groups to which a user
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.
