检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Listing Instances Function This API is used to query the instance list of IAM Identity Center.
Updating Access Control Attributes for a Specified Instance Function This API is used to update IAM Identity Center identity source attributes that can be used with the IAM Identity Center instance for ABAC.
Choosing an MFA Device Type You can choose a device type for MFA authentication when IAM Identity Center users are prompted for MFA. Procedure Log in to the Huawei Cloud console. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
For example, if you enter the IAM console URL, users will access the IAM console after login. Description Description of a permission set.
Constraints For details about the quota limits of IAM Identity Center, see Notes and Constraints. For more constraints, see API description. Parent topic: Before You Start
IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview. IAM Identity Center Permissions New IAM users do not have any permissions assigned by default.
Table 1 IAM Identity Center operations that can be recorded by CTS Operation Resource Type Event Name Enabling IAM Identity Center Instance StartIdentityCenter Disabling IAM Identity Center Instance DeleteIdentityCenter Registering a region Instance RegisterRegion Updating single
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. In the navigation pane, choose Groups. In the group list, select multiple groups and click Delete above the list.
Registering a Client Function This API is used to register a client in IAM Identity Center, which allows the client to initiate device authorization. The output should be persistent for reuse by authentication requests.
A quota is a limit on the quantity or capacity of a certain type of service resources available to you, for example, the maximum number of IAM Identity Center users or groups that you can create. For details about the quota of IAM Identity Center, see Notes and Constraints.
The principal can be either a user or a group in IAM Identity Center.
If you are using IAM Identity Center as the identity source, you can configure MFA in IAM Identity Center as follows. Procedure Log in to the Huawei Cloud console. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
The differences between performing ABAC on IAM Identity Center and on external identity providers are as follows: IAM Identity Center: You need to add the attributes for performing ABAC on the Access Control Attributes tab of IAM Identity Center.
Functions Centralized Identity Management IAM Identity Center allows you to create and manage users and groups as identities. With login credentials, your users can then manage their own access to multiple Huawei Cloud accounts from a single user portal.
Obtaining Access Control Attributes for a Specified Instance Function This API is used to return a list of IAM Identity Center identity source attributes that have been configured to be used with attribute-based access control (ABAC) of a specified IAM Identity Center instance.
If you use an external identity provider as the identity source, you can configure user attributes for performing ABAC in both IAM Identity Center and the external identity provider.
Billing IAM Identity Center is a free service. You only need to pay for the cloud services and resources used in your accounts. For details about the billing for using resources, see the billing description for each resource.
Before calling IAM Identity Center through an API, ensure that you are familiar with IAM concepts. For details, see What Is IAM Identity Center?. Parent topic: Before You Start
For example, if you enter the IAM console URL, users will access the IAM console after login. Description Description of a permission set.
In this case, you can manually provision users and groups through the IAM Identity Center console. When you add users to IAM Identity Center, ensure that the username is the same as that in your IdP.
