Creating IAM Custom Policies for IAM Identity Center You can create custom policies to supplement the system-defined policies of IAM Identity Center. To create a custom policy, choose either visual editor or JSON.
Creating an IAM User and Granting Permission to Use IAM Identity Center You can use Identity and Access Management (IAM) to implement fine-grained permissions control over your IAM Identity Center resources.
APIs Use diverse APIs provided by IAM Identity Center to manage instances, permission sets, account assignments, and users.
IAM Identity Center Resetting If you no longer need to use IAM Identity Center, intend to enable IAM Identity Center in a different region, or intend to create a new configuration from scratch, you can delete all data configured in IAM Identity Center.
What Is IAM Identity Center? Introduction IAM Identity Center helps you centrally manage your workforce identities and their access to multiple Huawei Cloud accounts.
Logging In as an IAM Identity Center User and Accessing Resources After associating member accounts of an organization with an IAM Identity Center user and permission sets, you can use the IAM Identity Center username and password to log in to the console through the user portal URL
For details, see Creating Permission Sets and Associating Accounts with IAM Identity Center Users/Groups and Permission Sets. IAM Identity Center provides a single user portal URL for all of your IAM Identity Center users to log in to the management console.
Obtaining Information About Account, IAM User, Group, Project, Region, and Agency Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Concepts IAM Identity Center User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
The management account can delegate administration of IAM Identity Center to member accounts in your organization to extend the ability to manage IAM Identity Center. Procedure Log in to the Huawei Cloud console.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
Table 1 Quotas for IAM Identity Center
Item | Default Quota | Adjustable
Number of users that can be created in IAM Identity Center | 100,000 | Yes
Number of groups that can be created in IAM Identity Center | 100,000 | Yes
Number of users in a group | Unlimited | -
Number of groups to which a user
The group name must be unique in IAM Identity Center. (Optional) Select users to be added to this group. Click OK. An IAM Identity Center group is created and displayed in the group list. Parent topic: Group Management
Okta IAM Identity Center supports automatic provisioning (synchronization) of user and group information from Okta into IAM Identity Center using the SCIM v2.0 protocol.
Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.
Deleting Users You can delete an IAM Identity Center user that is no longer needed. Deleting an IAM Identity Center user deletes all information about the user and revokes its access permissions. Deleted users cannot be restored. Exercise caution when performing this operation.
Adding Users to or Removing Users from a Group After an IAM Identity Center user is added to or removed from a specific IAM Identity Center group, the user gains or loses the permissions of that group. This way, you can change the user's permissions quickly.
Managing Certificates IAM Identity Center uses certificates to set up a SAML trust relationship between IAM Identity Center and your external identity provider.
Microsoft Azure AD IAM Identity Center supports automatic provisioning (synchronization) of user and group information from Microsoft Azure Active Directory (Azure AD) into IAM Identity Center using the SCIM v2.0 protocol.