Identity and Access Management (IAM)
Identity and Access Management (IAM) is a Web-based service that provides identity authentication and permission management. IAM manages user accounts (for example, employees, systems, or applications) and controls the operation rights of these accounts over their resources.
The service is enabled by default.
Grant permissions to users based on their responsibilities to control access to HUAWEI CLOUD resources.
Set login verification policies, password policies, and the access control list (ACL).
Create an agency to grant other users convenient and secure access to your HUAWEI CLOUD resources.
Federated Identity Authentication
Create a relationship of trust with a third-party authentication system to allow enterprise users to access your HUAWEI CLOUD resources.
You can create and authorize a user group based on user responsibilities. Any user you add to the user group has the permissions of the user group.
Change a user's permissions by changing the group the user belongs to.
Grant permissions to users based on projects.
Federated identity authentication allows enterprise employees to access HUAWEI CLOUD without having to register as HUAWEI CLOUD root users. They only need to log in to the enterprise management system.
Enterprise users only need to log in to their enterprise management systems.
An enterprise needs only one enterprise management system to manage user information.
You can create an agency to share your resources and permissions with other root users without providing your passwords or keys.
Create an agency to share necessary permissions with the entrusted root user.
Cancel the agency at any time as required.
Security administrators can create users based on scenarios and assign permissions based on user responsibilities.
Security administrators can create an IdP. Employees authenticated by the IdP can access HUAWEI CLOUD using SAML SSO.
Users can create and delete access keys and use access keys to access HUAWEI CLOUD through APIs.
Security administrators can manage security policies of users and set the ACL to prevent access from untrusted networks.