This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Cloud Control

1: Overview

2: How-to guides

2.1: Managing Guardrails
2.2: Managing Organizations
2.3: Managing Accounts

3: API Reference

4: CLI Reference

5: Release Note

1 - Overview

Service Overview

Cloud Control service is a managed service that supports building, operating, and managing a multi‑account environment easily and securely on the Samsung Cloud Platform.
The Cloud Control service automates an organization’s cloud governance (security, compliance, standardization, etc.) and provides consistent, centralized account and resource management based on Samsung Cloud Platform best practices.

Features

The Cloud Control service offers the following advantages.

Landing Zone (Landing Zone) Automatic Provisioning: Automatically configure essential infrastructure such as Samsung Cloud Platform accounts, organizational units (OU), guardrails, logging, etc. * In a standardized environment, you can create new accounts and invite existing accounts.
Centralized governance and policy enforcement: Automatically apply security, compliance, and operational policies (guardrails) across the entire organization. * Provides policy violation detection and monitoring capabilities.
Multi-Region and Scalability: You can apply the same governance and policies across multiple Samsung Cloud Platform regions.

Provided Features

The Cloud Control service provides the following features.

Automated Landing Zone (Landing Zone) Setup: Security, logging, and account structure based on Samsung Cloud Platform best practices are configured automatically.
Apply Guardrail
- Preventive Guardrail : Blocks the creation of resources that violate policy
- Detective Guardrail: Automatically detect and notify policy-violating resources
- Integrate with ACP, Samsung Cloud Platform Config Inspection, etc., of the Samsung Cloud Platform Organization
Dashboard provision: You can visually monitor the account, OU, guardrail implementation status, and compliance status of the entire organization.
Centralized logging and auditing
- Provides centralized log storage and audit accounts for all accounts via Logging&Audit, Object Storage, Config Inspection, and other methods.
ID and Permission Management Integration: Integrates with Samsung Cloud Platform ID Center to manage account-level access control and permission groups.
Monitoring and Notification (Notification) feature: Provides real-time alerts for policy violations, Cloud Control configuration changes, etc.

information

Monitoring and alerting features will be available in July 2026.

Component

Landing Zone (Landing Zone)

The basic architecture of a standardized Samsung Cloud Platform environment, including governance, security, networking, and logging, is as follows.

Category	Detailed description
admin account	Organization and account structure management, policy (SCP) implementation, automation of new account creation Organization-wide highest privileges, governance-focused operation
Log account	Centralized collection and storage of all account logs, log integrity, and long‑term retention Independent account operation, strict access control, and encryption
audit account	Enterprise-wide security and compliance monitoring and auditing, automated security assessments Apply the principle of least privilege, cross-account role delegation

Category

Detailed description

admin account

Organization and account structure management, policy (SCP) implementation, automation of new account creation

Organization-wide highest privileges, governance-focused operation

Log account

Centralized collection and storage of all account logs, log integrity, and long‑term retention

Independent account operation, strict access control, and encryption

audit account

Enterprise-wide security and compliance monitoring and auditing, automated security assessments

Apply the principle of least privilege, cross-account role delegation

Table. Cloud Control Landing Zone

Guardrails

The guardrails that are automatically applied for policy violation detection and prevention (detect/prevent type) rules, and security/compliance standards are as follows.

Category	Detailed description
Preventive Guardrail	Preemptive blocking role to prevent policy violations Implementation: Using Access Control Policy(ACP) to prohibit or limit the scope of actions for specific Samsung Cloud Platform services Example: Prohibit creation of root user access keys Block resource creation in specific regions Block public read/write on S3 buckets Features: Fundamentally prevent the violation act itself, preemptively blocking policy violations
Detection Guardrail	Continuously monitor for policy violations or abnormal configurations, and provide alerts when violations occur Implementation: Based on the Samsung Cloud Platform Config Inspection checklist, evaluate resource status and notify via dashboard or alerts when violations are detected Example: Detection of unencrypted S3 bucket Detection of disabled CloudTrail Detection of EBS volume encryption status Features: Detect violating resources in real time and deliver them to the administrator

Category

Detailed description

Preventive Guardrail

Preemptive blocking role to prevent policy violations

Implementation: Using Access Control Policy(ACP) to prohibit or limit the scope of actions for specific Samsung Cloud Platform services

Example:
- Prohibit creation of root user access keys
- Block resource creation in specific regions
- Block public read/write on S3 buckets

Features: Fundamentally prevent the violation act itself, preemptively blocking policy violations

Detection Guardrail

Continuously monitor for policy violations or abnormal configurations, and provide alerts when violations occur

Implementation: Based on the Samsung Cloud Platform Config Inspection checklist, evaluate resource status and notify via dashboard or alerts when violations are detected

Example:
- Detection of unencrypted S3 bucket
- Detection of disabled CloudTrail
- Detection of EBS volume encryption status

Features: Detect violating resources in real time and deliver them to the administrator

Table. Cloud Control Guardrails

Baseline (Baseline)

The essential resources and configuration sets, such as security, logging, and networking, that are automatically deployed per account are as follows.

Category	Detailed description
AuditBaseline	Configure security and audit roles and policies on the central audit account Check the security status and compliance status of all accounts centrally
LogArchiveBaseline	Aggregate log Trail of all accounts into a central bucket Used for log integrity, long-term storage, and audit tracing
IDCenterBaseline	Automatic resource provisioning integrated with ID Center Unified user/group/role management within the organization

Category

Detailed description

AuditBaseline

Configure security and audit roles and policies on the central audit account

Check the security status and compliance status of all accounts centrally

LogArchiveBaseline

Aggregate log Trail of all accounts into a central bucket

Used for log integrity, long-term storage, and audit tracing

IDCenterBaseline

Automatic resource provisioning integrated with ID Center

Unified user/group/role management within the organization

Table. Cloud Control baseline

Information

AuditBaseline will be available in July 2026.

Provision status by region

The Cloud Control service is available in the environments below.

Region	Provision status
Korea West 1 (kr-west1)	Provided
Korea East 1 (kr-east1)	Provided
South Korea 1 (kr-south1)	Provided
South Korea South 2 (kr-south2)	Provided
South Korea 3 (kr-south3)	Provide

Table. Cloud Control regional availability status

Pre-service

This is a list of services that must be pre-configured before creating the service. For detailed information, please refer to the guide provided for each service and prepare in advance.

Service Category	service	Detailed description
Storage	Object Storage	Object storage that simplifies data storage and retrieval
Management	Loggin&Audit	A service that collects and analyzes user activity data
Management	Organization	A service that organizes accounts by organizational units, manages them hierarchically, and controls resource access permissions.
Management	ID Center	A service that enables easy centralized management of access permissions for resources by account

Table. Cloud Control Preliminary Service

2 - How-to guides

Using Cloud Control

The user must first create a landing zone to use the Cloud Control service. When a landing zone is created, you can use the management features of Cloud Control.

Caution

There is no charge for the Cloud Control service, but services used within Cloud Control such as Logging&Audit, Object Storage, and Config Inspection may incur costs based on usage.

Create Landing Zone

To use Cloud Control in the Samsung Cloud Platform Console, you must first create a landing zone.

To create a landing zone, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
On the Service Home page, click the Create Landing Zone button. You will be taken to the Create Landing Zone page.

After setting the configuration items in the Rate Review and Organizational Unit Configuration area, click the Next button.

Category	Required status	Detailed description
Home region	-	Home region of Cloud Control Cloud Control sets the default region as the home region and it cannot be changed All regions except the default region are managed by Cloud Control
Basic organizational unit	Required	Enter the default organizational unit within the landing zone Case-sensitive English letters, enter up to 128 characters The default organizational unit includes shared Account (Log Account, Audit Account) Security: Default organizational unit name of the shared Account Can be modified after creating the landing zone
Additional organizational unit	Required	Enter additional organizational unit within the landing zone Case-sensitive English letters, up to 128 characters Can be added after creating the landing zone

Category

Required status

Detailed description

Home region

Home region of Cloud Control

Cloud Control sets the default region as the home region and it cannot be changed

All regions except the default region are managed by Cloud Control

Basic organizational unit

Required

Enter the default organizational unit within the landing zone

Case-sensitive English letters, enter up to 128 characters

The default organizational unit includes shared Account (Log Account, Audit Account)

Security: Default organizational unit name of the shared Account

Can be modified after creating the landing zone

Additional organizational unit

Required

Enter additional organizational unit within the landing zone

Case-sensitive English letters, up to 128 characters

Can be added after creating the landing zone

Table. Landing zone creation - cost review and organizational unit configuration items

After setting the configuration items in the Shared Account Configuration area, click the Next button.

Category

Category	Required status	Detailed description
Management Account	-	The Management Account name is displayed and cannot be edited.
Log Account	Required	Enter Log Account Information Account name: Use Korean, English, numbers, spaces, and special characters (`+=-_@[](),.`) to enter within 3 to 30 characters Email, Confirm Email: Enter up to 60 characters in a valid email address format
Audit Account	Required	Enter Log Account information Account name: Korean characters, English letters, numbers, spaces, special characters(`+=-_@[](),.`) within 3 to 30 characters Email, Confirm Email: Enter up to 60 characters in a valid email address format Cannot use the same email as Log Account

Required status

Detailed description

Management Account - The Management Account name is displayed and cannot be edited.

Log Account

Required

Enter Log Account Information

Account name: Use Korean, English, numbers, spaces, and special characters (+=-_@[](),.) to enter within 3 to 30 characters

Email, Confirm Email: Enter up to 60 characters in a valid email address format

Audit Account

Required

Enter Log Account information

Account name: Korean characters, English letters, numbers, spaces, special characters(+=-_@[](),.) within 3 to 30 characters

Email, Confirm Email: Enter up to 60 characters in a valid email address format

Cannot use the same email as Log Account

Table. Landing zone creation – shared account configuration items

Reference

Log Account is a repository of logs for API activity and resource configuration collected from all Accounts. Log Account cannot be changed.
The Audit Account is a restricted account, allowing the security and compliance team to obtain access rights to all accounts within the organization through the Audit Account.

After setting the configuration items in the Additional configuration area, click the Next button.

Category	Required status	Detailed description
Account Access Configuration	Required	Select a method to manage access to the Account Account access via ID Center Create preconfigured groups and permission sets to configure users who perform specific tasks in the Account Automatically assign users when provisioning an Account with the Account Factory or registering an existing Account Selectable only when using ID Center’s own directory Self-managed Account access Cloud Control does not create directory groups or permission sets for the landing zone Automatically assign users when provisioning an Account with the Account Factory or registering an existing Account Manage access to the Account through ID Center or other Account access methods
Trail configuration	-	Automatic configuration in progress
Detection Guardrail	Selection	Select whether to enable detection guardrails When detection guardrails are enabled, they apply only to the default organizational unit Even after creating a landing zone, settings can be changed on the Landing Zone Settings page For more information about detection guardrails, refer to Detective Guardrail

Category

Required status

Detailed description

Account Access Configuration

Required

Select a method to manage access to the Account

Account access via ID Center
- Create preconfigured groups and permission sets to configure users who perform specific tasks in the Account
- Automatically assign users when provisioning an Account with the Account Factory or registering an existing Account
- Selectable only when using ID Center’s own directory

Self-managed Account access
- Cloud Control does not create directory groups or permission sets for the landing zone
- Automatically assign users when provisioning an Account with the Account Factory or registering an existing Account
- Manage access to the Account through ID Center or other Account access methods

Trail configuration

Automatic configuration in progress

Detection Guardrail

Selection

Select whether to enable detection guardrails

When detection guardrails are enabled, they apply only to the default organizational unit

Even after creating a landing zone, settings can be changed on the Landing Zone Settings page

For more information about detection guardrails, refer to Detective Guardrail

Table. Landing zone creation - additional configuration items

In the Input Information Confirmation area, after checking the landing zone configuration information and Service Permissions, check the agreement on permissions and guidelines.
Click the Create button. A popup notifying the creation of the landing zone opens.
After reviewing the information about creating a landing zone, click the Confirm button. The landing zone creation request will be completed.
- Creating a landing zone takes some time, and a notification is sent when the process is complete.
- When the landing zone creation is completed, you can view the full menu of Cloud Control and the organization status on the Service Home page.

Caution

You cannot cancel while creating a landing zone.
If creating the landing zone fails, delete the landing zone and then create it again.
If you select Self-Managed Account Access, you cannot view the Access Portal URL and User Credentials information.

Reference

When a landing zone is created, you can view the following in Cloud Control.

Two organizational units: shared Account, and an organizational unit for the Account that the user will provision
Two shared accounts: isolated accounts for log archiving and security auditing
Selected IAM management configuration
10 preventive guardrails: settings for policy enforcement
Enable control policies for the Organization service

View detailed information of the landing zone

On the Landing Zone Settings page, you can view detailed information about the landing zone.

Information

After creating a landing zone, you can view and edit its details.

Follow these steps to view the detailed information of the landing zone.

Click the All Services > Management > Cloud Control menu. Go to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. You will be taken to the Landing Zone Settings page.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Cloud Control, it refers to the SRN of the resource type
Resource name	Resource name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date	Service creation date and time
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Home region	Landing zone home region information
Account Access Configuration	How to manage access to an Account
Trail configuration	Trail configuration activation status active maintain status
Detection Guardrail	Detection guardrail activation status Active: Create and schedule diagnostics for Accounts under the registered organizational unit Display the guardrail’s pricing plan, checklist, diagnostic interval, and start time information Inactive: Delete diagnostics for all Accounts within the organizational unit Edit button can be clicked to change activation status Changes cannot be canceled after request
Delete landing zone	Delete landing zone For detailed information about deleting the landing zone, see Delete Landing Zone

Table. Landing zone configuration items

Delete Landing Zone

If the landing zone creation fails or is not used, you can delete the landing zone.

Caution

Deleted resources cannot be recovered.
Organization units, accounts, buckets, and ID Center resources are not deleted automatically.
- To use the same name as an existing resource that has not been deleted when recreating a landing zone, you must delete the existing resource directly before creating the landing zone.
- Existing resources can be deleted individually from the Organization, Object Storage, and ID Center services.

To delete a landing zone, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. You will be taken to the Landing Zone Settings page.
On the Landing Zone Settings page, click the Delete Landing Zone button. The Delete Landing Zone popup will open.
Landing Zone Deletion popup, after entering the displayed Cloud Contorl ID in the deletion confirmation field, click the Confirm button. The landing zone deletion request will be completed.
- While deleting a landing zone, an explanation about the landing zone deletion process is displayed on the Service Home page.

Managing Organizational Units and Accounts

You can view the organization units and account list, register them in Cloud Control, and manage them.

To view and manage organizational units and the Account list, follow these steps.

Click the All Services > Management > Cloud Control menu. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Organization menu. You will be taken to the Organization unit and Account management page.

Organizational Unit and Account Management page, select the view mode in the top‑right corner.

When you click the View Hierarchy button, you can view and manage organizational units and Accounts in a hierarchical structure.

Category	Detailed description
Create a subordinate organizational unit	Add a new organizational unit under the selected organizational unit Enabled only when a single organizational unit is selected in the hierarchy For more details, refer to Creating an Organizational Unit
More	Manage organization units or register a new Account Organization Unit: Ability to delete/register/re-register organization units, and apply/remove detection guardrails For detailed information on organization unit management, see Managing Organization Units reference For detailed information on detection guardrails, see Detection Guardrails reference Account: Ability to register/unregister an Account For detailed information on Account registration and deregistration, see Account Management reference
Organization unit/Account name	Display the names of organizational units and Accounts in a hierarchical structure Click the +, - buttons to expand or collapse the hierarchy Click an organizational unit or Account name to navigate to its detail page
ID/Email	Organization units display ID, and Account displays ID and email.
status	Cloud Control registration status of an organization unit or Account Registered, Not registered, Registering, Registration failed No status displayed when Root
Register organization unit	Cloud Control registration status of sub-organizational units number of registered organizational units / total number of organizational units displayed
Register Account	Cloud Control registration status of sub Accounts displayed as Number of registered Accounts / Total number of Accounts
Detection Guardrail	Detection guardrail application status for an organization unit or sub‑organization unit

Table. Hierarchy view items

View Account List: You can view and manage the list of Accounts that make up Cloud Control.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control When you select an Account in Unregistered, Registration Failed status from the Account list, it becomes active For detailed information on Account registration, refer to Register Account
More > Unregister Account	Deregister the selected Account from the Account list When you select an Account in the Account list that is in registered, registration failed status, it becomes enabled Shared Accounts cannot be deregistered For more details on Account deregistration, refer to Account Deregistration
Account name	Account name
Account ID	Account ID
email	Account user email
status	Cloud Control registration status of an organization unit or Account Registered, Unregistered, Registering, Registration Failed No status displayed when Root

Table. Account list view items

Account creation button click creates a new Account. For more details, see Create Account.

Check organization and Account detailed information

You can view and edit the detailed information of the organization unit and Account. To view detailed information about the organization unit and Account, follow these steps.

Click the All Services > Management > Cloud Control menu. Navigate to the Service Home page of Cloud Control.
Service Home page, click the Organization menu. Navigate to the Organization unit and Account management page.
Click the View Hierarchy button on the Organizational Unit and Account Management page.
Click the name of the resource whose details you want to view in the hierarchical list. You will be taken to the resource’s detail page.
- Root: Go to the Root Details page. For more information, see Root Details Information.
- Organization unit name: Organization unit details Go to the page. For more information, see Organization unit details.
- Account name: Account details page. For more details, see Account details.

Root detailed information

Root Details page allows you to view and manage the detailed information of the organization Root and the list of subordinate Accounts. Root Details page consists of Basic Information, Sub Account tabs.

Basic Information

You can view the basic information of the organization Root, as well as the organizational units and the number of accounts registered in Cloud Control.

Category	Detailed description
service	Service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation timestamp	Service creation timestamp
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Register organization unit	Cloud Control registration status of sub-organizational units under Root Number of registered organizational units / total number of organizational units displayed as
Register Account	Cloud Control registration status of Accounts under the Root Number of registered Accounts / Total number of Accounts displayed

Table. Root Details - Basic Information Tab Items

Sub Account

You can view and manage the list of Accounts under the Root and the registration status of Cloud Control.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control When you select an Account in unregistered state from the Account list, it becomes active For details on Account registration, refer to Account Registration
Account name	Account name
email	Account user email
Status	Cloud Control registration status of an organization unit or Account Registered, Not registered, Registering, Registration failed When Root, no status displayed

Table. Root Details - Sub Account Tab Items

Organizational Unit Detailed Information

Organizational Unit Details page allows you to view and manage the unit’s detailed information, subordinate Accounts, applied preventive guardrails, and detection guardrails. Organization Unit Detail page consists of Basic Information, Sub Account, Preventive Guardrails, Detection Guardrails tabs.

Basic Information

You can view basic and detailed information about the organization unit.

Category	Detailed description
Service	Service name
Resource Type	Service type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Organizational unit name	Name of the organizational unit
Apply guardrails	Number of guardrail types applied to the current organizational unit Prevention: Number of applied preventive guardrails Detection: Types of detection guardrails
Register organization unit	Current Cloud Control registration status of sub-units of the organization unit Number of registered organization units / Total number of organization units displayed
Register Account	Cloud Control registration status of sub-accounts under the current organization unit registered account count / total account count displayed
higher-level organization unit	Hierarchy of parent organizational units for the current unit
Apply detection guardrails / Remove detection guardrails	Change detection guardrail application status for the organization unit Clicking the button can apply or remove the detection guardrail
Re-registration	Re-register the current organization unit in Cloud Control For detailed information on organization unit re-registration, refer to Re-register organization unit

Table. Organization Unit Details - Basic Information Tab Items

Sub Account

You can view and manage the list of subordinate Accounts within an organizational unit.

Information

For Security organizational units, you cannot register an Account.

Category	Detailed description
Account registration	Register the selected Account from the Account list to Cloud Control When you select an Account in unregistered state from the Account list, it becomes active For details on Account registration, refer to Account Register
Account name	Account name
email	Account’s user email
status	Cloud Control registration status of an organization unit or Account Registered, Unregistered, Registering, Registration Failed No status displayed when Root

Table. Organization unit details - Sub Account tab items

Preventive Guardrail

You can view and manage the list of preventive guardrails applied at the organizational level.

Information

For security organizational units, you cannot apply or remove guardrails.

Category	Detailed description
Target service name	Name of the service to which the guardrail applies
Guardrail name	Guardrail name Click the guardrail name to view detailed information about that guardrail.
type	Application method
Application method	Display of guardrail application method If it is an inheritance method, you can click to view the detailed organizational unit name
Disable	Unapply the selected guardrail from the guardrail list Activate when a guardrail is selected from the guardrail list
Apply preventive guardrails	Apply new preventive guardrails at the organizational level When the button is clicked, navigate to the Preventive Guardrail Application page

Table. Organization Unit Details - Preventive Guardrail Tab Items

Detection Guardrail

You can view and manage the diagnostic results of detection guardrails applied at the organizational level.

Reference

Accounts with diagnostic history in Cloud Control are provided with the latest diagnostic results regardless of whether detection guardrails are applied.

Category	Detailed description
Account name	Account name to be diagnosed
Diagnosis name	Diagnosis Name
PASS	Number of checklist items with a diagnosis result of PASS (normal)
FAIL	Number of checklist items with a diagnosis result of FAIL (vulnerable)
CHECK	Number of items in the checklist with a diagnosis result of CHECK (verification required)
ERROR	Number of items in the checklist whose diagnosis result is ERROR (diagnosis not possible)
N/A	Number of items in the checklist where the diagnosis result is N/A (not applicable)
All	Total number of checklist items
Diagnostic Result	Diagnosis request result Completed: The diagnosis request has been successfully completed, and clicking will navigate to the detail page Error: The diagnosis request was not completed successfully, so detailed information cannot be viewed
Diagnosis date and time	Diagnosis request date and time

Table. Diagnosis result list items

Check detailed account information

Account Details page allows you to view the account’s detailed information and the list of applied preventive guardrails. Account Details page consists of the Basic Information and Preventive Guardrails tabs.

Basic Information

You can view basic and detailed information about the organization unit.

Category	Detailed description
Service	Service name
Resource Type	Service Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
email	Account user email
Apply guardrails	Number of guardrail types applied to the current organizational unit Prevention: Number of applied preventive guardrails Detection: Types of detection guardrails
ID Center username	ID Center user email
Higher-level organization unit	Current account’s parent organizational unit hierarchy
Register	You can change the organization unit of the current Account For detailed information on changing the organization unit, refer to Account Move

Table. Account Details - Basic Information Tab Items

Preventive Guardrail

You can view the list of preventive guardrails applied to the Account.

Category	Detailed description
Target Service Name	Guardrail target service name
Guardrail name	Guardrail name Click the guardrail name to view detailed information about that guardrail.
type	Application method
Application method	Guardrail application method display

Table. Account Details - Preventive Guardrail Tab Items

Check Access Portal connection information

User and Access page allows you to view the Access Portal connection URL and login methods (password, SSO, MFA).

Information

User and Access information is not displayed when creating a landing zone if Account Access Configuration is set to Self-Managed Account Access. Choose Account Access via ID Center to create the landing zone.

To check the Access Portal connection information, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
On the Service Home page, click the User and Access menu. You will be taken to the User and Access page.
Check the information in the User and Access page’s Integrated Access Management area.

Category	Detailed description
Access type	How to access the Access Portal
Access Portal URL	Access Portal access URL When the URL is clicked, the Access Portal login page opens in a new tab Can be accessed using the ID login credentials from ID Center
Permission set	A collection of administrator policies used by ID Center to determine the valid permissions of users who can access a specific account.

Category

Detailed description

Access type

How to access the Access Portal

Access Portal URL

Access Portal access URL

When the URL is clicked, the Access Portal login page opens in a new tab

Can be accessed using the ID login credentials from ID Center

Permission set

A collection of administrator policies used by ID Center to determine the valid permissions of users who can access a specific account.

Table. Shared Account items

Reference

For more details about credential sources and ID Center, see ID Center.

information

If the landing zone is configured with a self-managed Account access, refer to the following.

Cloud Control does not automatically create directory groups or permission sets.
When provisioning an Account with the Account factory or registering an existing Account, the user is automatically assigned.
You can manage access to an account through ID Center or other account access methods.

Check user credential information

User and Access page allows you to view the user credential source type and ID Center ID.

information

User and Access information is not displayed when creating a landing zone if you select Account Access Configuration as Self-Managed Account Access. Select Account Access via ID Center to create the landing zone.

To verify user credential information, follow these steps.

Click the All Services > Management > Cloud Control menu. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the User and Access menu. You will be taken to the User and Access page.
Check the information in the User and Access page’s User Credentials Management area.

Category	Detailed description
Credential source	Credential source types configured in ID Center ID Center’s own directory: Directory within ID Center AD (Active Directory): Active Directory managed directly by the user
ID Center ID	ID Center’s ID when the ID is clicked, navigate to the ID Center Settings page
User group	A group formed to classify workers who perform specific tasks within an organization

Category

Detailed description

Credential source

Credential source types configured in ID Center

ID Center’s own directory: Directory within ID Center

AD (Active Directory): Active Directory managed directly by the user

ID Center ID

ID Center’s ID

when the ID is clicked, navigate to the ID Center Settings page

User group

A group formed to classify workers who perform specific tasks within an organization

Table. User credential management items

Reference

For detailed information about credential sources and ID Center, see ID Center.
Management > IAM You can add users and user groups. For more details, see the IAM.

2.1 - Managing Guardrails

The guardrails that are automatically applied for policy violation detection and prevention (detect/prevent type) rules, and security/compliance standards are as follows.

Preventive Guardrail

You can apply preventive guardrails to proactively block policy violations from occurring.

Applying preventive guardrails

It can be applied to preventive guardrails at the organizational level. To apply preventive guardrails at the organizational level, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Go to the Preventive Guardrail List page.
From the Preventive Guardrail List, select the preventive guardrails to apply to the organization unit, then click the Apply to Organization Unit button. 3. Navigate to the Apply to organization unit page.
- Multiple preventive guardrails can be selected and applied simultaneously.

After selecting the organizational unit to which you want to apply the preventive guardrail, click the Complete button.

Category	required status	Detailed description
Preventive guardrails to apply	-	Preventive guardrails list to be applied at the organizational level
Organizational unit name	Essential	Select the organizational unit to apply the preventive guardrail Only organizational units with Registered, Registration Failed status can be selected Click the organizational unit name or parent organizational unit name to view detailed information

Category

required status

Detailed description

Preventive guardrails to apply

Preventive guardrails list to be applied at the organizational level

Organizational unit name

Essential

Select the organizational unit to apply the preventive guardrail

Only organizational units with Registered, Registration Failed status can be selected

Click the organizational unit name or parent organizational unit name to view detailed information

Table. Preventive guardrail application items

When the pop‑up window notifying that the preventive guardrail has been applied opens, click the Confirm button.

View detailed information of preventive guardrail

You can view detailed information about preventive guardrails, the organizational units to which they are applied, and the list of Accounts. To disable the preventive guardrail, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Go to the Preventive Guardrail List page.
Click the preventive guardrail name to view detailed information in the Preventive Guardrail List. 3. Preventive Guardrail Details page
- Preventive Guardrail Details page consists of Basic Information, Applicable Organizational Unit, Account tab.

Basic Information

You can view basic and detailed information about the preventive guardrail.

Category	Detailed description
service	Service Name
Resource Type	Service type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation date and time
Modifier	User who edited the service information
Modification date and time	Date and time the service information was modified
Guardrail name	Name of the guardrail
type	Guardrail type
Target service name	Guardrail target service name
status	Whether guardrails are applied
Explanation	Description of guardrails

Table. Guardrail Details - Basic Information Tab Items

Applicable organization unit

You can view the list of organizational units where preventive guardrails are applied.

Category	Detailed description
Organizational unit name	Organizational unit name Click the organizational unit name to view detailed information
Parent organization unit name	Name of the parent organizational unit of the organizational unit Click the parent organizational unit name to view detailed information
status	Cloud Control registration status for organizational units Registered, Not registered, Registering, Registration failed No status displayed for Root

Category

Detailed description

Organizational unit name

Click the organizational unit name to view detailed information

Parent organization unit name

Name of the parent organizational unit of the organizational unit

Click the parent organizational unit name to view detailed information

status

Cloud Control registration status for organizational units

Registered, Not registered, Registering, Registration failed

No status displayed for Root

Table. Root Details - Sub Account Tab Items

Account

You can view the list of sub‑Accounts under the organizational unit where preventive guardrails are directly applied.

Category	Detailed description
Account name	Account name
email	Account user email
Organizational unit name	Organization unit name Click the organization unit name to view detailed information
status	Cloud Control registration status for an organization unit or Account Registered, Not registered, Registering, Registration failed No status displayed when Root

Table. Root Details - Sub Account Tab Items

Reference

Preventive guardrails are inherited and applied from all higher-level organizational units, so preventive guardrails can also be applied to Accounts that are not in the Account list.

Disable preventive guardrail

You can disable the preventive guardrail applied at the organization level. To disable the preventive guardrail, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Navigate to the Preventive Guardrail List page.
From the Preventive Guardrail List, select the preventive guardrail for which you want to disable organization-level enforcement, then click the More > Remove Organization-Level Enforcement button. 3. Navigate to the Remove organization unit application page.
- Multiple preventive guardrails can be selected simultaneously to disable them.

After selecting the organizational unit to disable the preventive guardrail, click the Complete button.

Category	Whether required	Detailed description
Guardrails to apply	-	List of preventive guardrails to be disabled
Organizational unit name	Essential	Select the organizational unit to disable the preventive guardrail Only organizational units with Registered, Registration Failed status can be selected Click the organizational unit name or parent organizational unit name to view detailed information

Category

Whether required

Detailed description

Guardrails to apply

List of preventive guardrails to be disabled

Organizational unit name

Essential

Select the organizational unit to disable the preventive guardrail

Only organizational units with Registered, Registration Failed status can be selected

Click the organizational unit name or parent organizational unit name to view detailed information

Table. Preventive Guardrail Deactivation Items

When a pop‑up notifying the deactivation of the preventive guardrail opens, click the Confirm button.

Detection Guardrail

When detection guardrails are enabled, Config Inspection diagnostics are automatically run for Accounts within the default organizational unit, performing checks daily.

Apply detection guardrails

You can apply detection guardrails on the Landing Zone Settings page.

information

Detection guardrails can also be enabled when creating a landing zone.

To apply detection guardrails, follow the steps below.

All Services > Management > Cloud Control Click the menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. 2. Navigate to the Landing Zone Settings page.
On the Landing Zone Settings page, click the Edit button for the Detection Guardrail item. 3. Detection Guardrail Settings The popup window opens.
Detection Guardrail Settings In the popup window, after checking Enable Cloud Control Detection Guardrail, click the Confirm button.
- When activation is checked, Plan, Check List, Diagnosis Cycle, Start Time are displayed.
When the pop-up indicating that the detection guardrail is active opens, click the Confirm button.

Check detection guardrail diagnostic results

You can view the Config Inspection diagnostic results via detection guardrails. To view the diagnostic results, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Detection Guardrail menu. 2. Navigate to the Detection Guardrail List page.
Click the diagnosis name of the Account for which you want to view diagnostic results from the Detection Guardrail List. 3. Go to the Diagnostic Results List page.
- In the search area of the Diagnosis Result List page, you can enter a diagnosis name or click the Advanced Search button to search.
On the Diagnosis Result List page, click the diagnosis result for the diagnosis name to view detailed diagnostic items. 4. Navigate to the Diagnostic Result Details page.
- Completed: The diagnostic request has been successfully completed, when Completed is clicked, navigate to the detail page
- Error: The diagnostic request was not completed successfully, and the error status item cannot view detailed information.

Diagnosis Result Details on the page

Category	Detailed description
Checklist	Set of diagnostic items that serve as the basis for diagnostic results
Area	Scope of Diagnosis (services of Samsung Cloud Platform)
Diagnostic Items	Security standards recommended for each service configuration Click the diagnostic item name to view detailed information about that diagnostic item Diagnostic item details: area, diagnostic item, result, diagnostic criteria, diagnostic method, remediation guide, detailed result
Result	Diagnostic Item Baseline Check Results PASS: Number of items in the checklist with a diagnostic result of PASS (normal) FAIL: Number of items in the checklist with a diagnostic result of FAIL (vulnerable) CHECK: Number of items in the checklist with a diagnostic result of CHECK (needs verification) ERROR: Number of items in the checklist with a diagnostic result of ERROR (diagnosis not possible) N/A: Number of items in the checklist with a diagnostic result of N/A (not applicable)

Table. Detailed Diagnosis Result Items

Reference

For detailed information about the diagnosis results, see Config Inspection’s Check Diagnosis Results.

Managing detection guardrail diagnostic results

You can view the results of the Config Inspection diagnosis request via the detection guardrail.

Reference

In Cloud Control, you cannot delete or modify inspection results.

To view the diagnostic request results, follow these steps.

All Services > Management > Cloud Control Click the menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Detection Guardrail menu. 2. Go to the Detection Guardrail List page.
In the Detection Guardrail List, click the diagnosis name of the Account that will manage the diagnostic results. 3. Go to the Diagnostic Results List page.
- On the Diagnosis Result List page, you can enter a diagnosis name in the search area or click the Advanced Search button to search.
On the Diagnostic Result List page, click the Diagnostic Result Management button. 4. Diagnosis Result Management Navigate to the detail page.

Diagnostic Result Management View the diagnostic results on the detail page.

Category	Detailed description
Checklist	Collection of diagnostic items that serve as the basis for diagnostic results
Area	Scope of Diagnosis (services of Samsung Cloud Platform)
Diagnostic Items	Security standards recommended for each service configuration Click the diagnostic item name to view detailed information about that diagnostic item Diagnostic details: area, diagnostic item, result, diagnostic criteria, diagnostic method, remediation guide, detailed result
Result	Diagnostic Item Baseline Check Results PASS: Number of items in the checklist with a diagnostic result of PASS (normal) FAIL: Number of items in the checklist with a diagnostic result of FAIL (vulnerable) CHECK: Number of items in the checklist with a diagnostic result of CHECK (needs verification) ERROR: Number of items in the checklist with a diagnostic result of ERROR (diagnosis not possible) N/A: Number of items in the checklist with a diagnostic result of N/A (not applicable)
Result check / Result change	Result Verification: Detailed information can be viewed in the result verification popup Registrant, validity period, change status, detailed reason, attachment, inspection result Attachments can only be viewed in Config Inspection Inspection results cannot be deleted in Cloud Control Result Modification: Inspection results cannot be modified in Cloud Control

Table. Diagnosis Result Management Items

Reference

For detailed information about the diagnostic results, see Config Inspection’s Managing Diagnostic Results.

Disable detection guardrail

On the Landing Zone Settings page, you can disable the detection guardrail. To disable the detection guardrail, follow these steps.

All Services > Management > Cloud Control menu, click it. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. 2. Go to the Landing Zone Settings page.
On the Landing Zone Settings page, click the Edit button of the Detection Guardrail item. 3. Detection Guardrail Settings The popup window opens.
Detection Guardrail Settings in the popup window, uncheck Cloud Control Detection Guardrail Active.
When a popup that notifies the removal of detection guardrails opens, click the Confirm button.

2.2 - Managing Organizations

When a landing zone is created, you can use Cloud Control’s organization-level management features.

Caution

The user must first create a landing zone to use the Cloud Control service.
There is no charge for the Cloud Control service, but services used within Cloud Control such as Logging&Audit, Object Storage, and Config Inspection may incur costs based on usage.

Manage Organizational Units

You can register and manage the organizational units that constitute an Organization in Cloud Control.

Create Organization Unit

You can create a new organizational unit and register it with Cloud Control.

To create an organizational unit and register it with Cloud Control, follow these steps.

Click the All Services > Management > Cloud Control menu. Go to the Service Home page of Cloud Control.
Service Home page, click the Organization menu. Navigate to the Organization unit and Account management page.
On the top right of the Organizational Unit and Account Management page, click the View Hierarchy button.
After selecting the location in the hierarchical list where you want to add an organizational unit, click the Create Organizational Unit Under button. The Create Organizational Unit popup opens.
- Root or only one organizational unit can be selected.
- You can create organizational units up to five levels below Root.

Create Organizational Unit After entering the organizational unit information to add in the popup window, click the Create button.

Category	Required	Detailed description
Parent organization unit name	-	Name of the parent organizational unit for the organizational unit to be created
Organizational unit name	Required	Enter the name of the organizational unit to be created within 128 characters Organizational names distinguish between uppercase and lowercase English letters
Explanation	Selection	Enter a description of the organizational unit within 1,000 characters.

Table. Organization unit creation items

When the popup that notifies the creation of an organizational unit opens, click the Confirm button.
- It may take more than tens of minutes depending on the number of accounts under the organizational unit.
- A notification will be sent when the organization unit creation is complete.

Register Organizational Unit

You can register organizational units that are not registered in Cloud Control or that failed to register, into Cloud Control.

Information

When registering an organizational unit, all parent units of the unit to be registered must be in a registered state.
If an organizational unit in the registering state exists under the organizational unit you are trying to register, you cannot register.
The sub-units of the organizational unit you are registering must be registered separately.

To register an organizational unit in Cloud Control, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
Service Home page, click the Organization menu. Navigate to the Organization unit and Account management page.
On the top right of the Organizational Unit and Account Management page, click the View Hierarchy button.
After selecting the organizational unit to register from the hierarchical list, click the More > Register Organizational Unit button. You will be taken to the Register Organizational Unit page.

On the Organization Unit Registration page, verify the information of the organization unit to be registered.

Category	Whether required	Detailed description
Sub Account	-	List of Accounts included under the organizational unit to be registered Automatically register in Cloud Control when registering the organizational unit
Applicable preventive guardrails	-	List of guardrails inherited from higher-level organizational units and guardrails directly applied to the organization unit Click the guardrail name to view detailed information about that guardrail

Table. Organization Unit Registration Items

Reference

Preventive guardrails are inherited from higher-level organizational units.
To remove an inherited guardrail, disable its application in the parent organizational unit.

After reviewing the Terms of Service, check the checkbox and click the Complete button.
When the popup notifying the registration of an organizational unit opens, click the Confirm button. The organizational unit registration request is completed.
- Depending on the number of accounts under the organizational unit, it can take several tens of minutes.
- A notification will be sent once the organization unit registration is complete.

Re-register organizational unit

You can re-register an organizational unit that is already registered in Cloud Control.

Information

You cannot register if there is an organization unit in the registration state under the organization unit you are trying to register.
Sub-units of the organizational unit you are registering must be registered separately.

To re-register an organizational unit in Cloud Control, follow these steps.

Click the All Services > Management > Cloud Control menu. Navigate to the Service Home page of Cloud Control.
Service Home page, click the Organization menu. Navigate to the Organization unit and Account management page.
Organizational Unit and Account Management page, click the View Hierarchy button in the top right corner.
In the hierarchical list, select the organizational unit to re‑register, then click the More > Re‑register Organizational Unit button. You will be taken to the Re‑register Organizational Unit page.

On the Organizational Unit Re-registration page, check the information of the organizational unit to be re-registered.

Category	Required status	Detailed description
Sub Account	-	List of Accounts included under the organizational unit to be re-registered Automatically register in Cloud Control when registering the organizational unit
Applicable preventive guardrails	-	List of guardrails inherited from higher organizational units and guardrails directly applied to the organization unit Clicking a guardrail name allows you to view detailed information about that guardrail

Table. Organization Unit Re-registration Items

Reference

Preventive guardrails are inherited from higher-level organizational units.
To remove an inherited guardrail, disable its application at the parent organizational unit.

After reviewing the Terms of Service, check the checkbox and click the Complete button.
When the popup notifying re-registration of the organization unit opens, click the Confirm button. The organization unit re-registration request is completed.
- Depending on the number of accounts under the organizational unit, it can take several tens of minutes.
- A notification will be sent once the organization unit re-registration is complete.

Delete organization unit

You can delete an organizational unit.

Information

Only organizational units that are in an unregistered state in Cloud Control can be deleted.
Before deleting an organizational unit, remove all its subordinate elements.

To delete an organizational unit, follow these steps.

Click the All Services > Management > Cloud Control menu. Go to the Service Home page of Cloud Control.
On the Service Home page, click the Organization menu. You will be taken to the Organization unit and Account management page.
On the top right of the Organizational Unit and Account Management page, click the View Hierarchy button.
After selecting the organizational unit to delete from the hierarchical list, click the More > Delete Organizational Unit button.
When the popup notifying that the organizational unit will be deleted opens, click the Confirm button.

2.3 - Managing Accounts

Create Account

You can create an Account with the Account factory and apply Cloud Control directly without any additional steps.

Caution

An Account cannot be created if it exceeds the maximum number of Accounts that can be added to the organization.

To create an Account, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
On the Service Home page, click the Account Factory menu. You will be taken to the Account Factory page.
On the Account Factory page, click the Account Creation button. You will be taken to the Account Creation page.

On the Account creation page, enter the required information to create an Account and select an organizational unit, then click the Create button.

Category

Category	Required status	Detailed description
Account information	Required	Enter the account name and email information Account name: Use Korean, English, numbers, spaces, and special characters (`+=-_@[](),.`) to enter between 3 ~ 30 characters Email: Enter up to 60 characters in a valid email address format Cannot duplicate the root user email Enter the same value in Email confirmation
ID Center information	Required	Enter ID Center user information that can access the Account to be created Username: Use English letters, numbers, and special characters(`+=-_@,.`) within 128 characters User’s real name: Enter the user’s actual name (surname and given name) If the Account access configuration uses self-managed Account access, ID Center information cannot be set
Select organization unit	Required	Select the parent organization unit that will contain the Account to be created Only organization units with registered status can be selected Clicking the organization unit name navigates to its detailed page

Required status

Detailed description

Account information

Required

Enter the account name and email information

Account name: Use Korean, English, numbers, spaces, and special characters (+=-_@[](),.) to enter between 3 ~ 30 characters

Email: Enter up to 60 characters in a valid email address format
- Cannot duplicate the root user email
- Enter the same value in Email confirmation

ID Center information

Required

Enter ID Center user information that can access the Account to be created

Username: Use English letters, numbers, and special characters(+=-_@,.) within 128 characters

User’s real name: Enter the user’s actual name (surname and given name)

If the Account access configuration uses self-managed Account access, ID Center information cannot be set

Select organization unit

Required

Select the parent organization unit that will contain the Account to be created

Only organization units with registered status can be selected

Clicking the organization unit name navigates to its detailed page

Table. Landing zone creation - cost review and organizational unit configuration items

Caution

An Excel file containing Access Portal user login information will be sent to the email entered in the ID Center. Be sure to verify that the email address is correct.

When a popup notifying Account creation opens, click the Confirm button. The Account creation request is completed.
- Creating an account takes some time, and a notification is sent when the process is complete.

Manage Account

You can register and manage the accounts that comprise the organization in Cloud Control.

Register Account

You can register organizational units that are not registered in Cloud Control or that failed to register, into Cloud Control.

Information

Only accounts of the organizational unit registered in Cloud Control can be registered.
You cannot register if there is an organizational unit or Account in registering status under the organizational unit you are trying to register.
If you select a different organizational unit from the current one and register, the corresponding ACcount will be moved to the newly selected organizational unit.

To register an Account, follow these steps.

Click the All Services > Management > Cloud Control menu. You will be taken to Cloud Control’s Service Home page.
Service Home page, click the Organization menu. Navigate to the Organization unit and Account management page.
In the top right corner of the Organization Unit and Account Management page, click the View Account List button.

From the Account list, select the Account to register in Cloud Control, then click the Account registration button. You will be taken to the Account registration page.

After clicking the Account name of the Account to be registered, you can also register by clicking the Register button on the Account Details page.

Category	Required status	Detailed description
Current organizational unit	-	The organizational unit to which the Account belongs
Register organization unit	-	Select the organizational unit to register the Account Only organizational units with registration status can be selected Current organizational unit: Register directly to the current organizational unit Other organizational unit: Manually select a different organizational unit

Category

Required status

Detailed description

Current organizational unit

The organizational unit to which the Account belongs

Select the organizational unit to register the Account

Only organizational units with registration status can be selected

Current organizational unit: Register directly to the current organizational unit

Other organizational unit: Manually select a different organizational unit

Table. Account registration items

When a popup notifying the Account registration opens, click the Confirm button.

Move Account

You can change the organizational unit of an Account registered in Cloud Control and move it.

Information

You cannot move if there is an organizational unit or Account in the registering state under the organizational unit you are trying to register.
If you select a different organizational unit from the current one and register, the corresponding ACcount will be moved to the newly selected organizational unit.

To move the Account, follow the steps below.

Click the All Services > Management > Cloud Control menu. You will be taken to the Service Home page of Cloud Control.
On the Service Home page, click the Organization menu. You will be taken to the Organization Units and Account Management page.
On the Organization Unit and Account Management page, click the View Account List button in the top right corner.
In the Account list, click the Account name whose organizational unit you want to change. You will be taken to the Account Details page.
On the Account Details page, click the Register button. You will be taken to the Account Register page.
From the Registered organization unit list, select the organization unit to which the Account will be moved, then click the Complete button.
- Only organizational units with registered status can be selected.
When the popup notifying the Account registration opens, click the Confirm button.

Unregister Account

You can deregister an Account that is registered in the Organization.

Information

In the following cases, the Account cannot be deactivated.

Account with no registered payment method
When there is credit assigned to the account
When the exclusion point is the cost settlement date (the 1st of each month, Asia/Seoul GMT +09:00)

To deactivate an Account registered in the Organization, follow the steps below.

Click the All Services > Management > Organization menu. Go to the Service Home page of Organization.
On the Service Home page, click the Organization Configuration menu. You will be taken to the Organization Configuration page.
On the Organization Structure page, click the View Account List button.
After selecting the Account to exclude from the Organization, click the More > Unregister Account button.
- After clicking the Account name of the Account to be deregistered, you can also deregister by clicking the Deregister button on the Account Details page.
When a popup that notifies the Account deregistration opens, click the Confirm button.

Delete Account

You can delete the account.

information

When deleting from the Account list, you must select only one Account to delete.
All resources in the Account must be deleted before deletion.
Management Account and accounts that joined via invitation cannot be deleted.

To delete the Account, follow these steps.

Click the All Services > Management > Organization menu. Go to the Service Home page of Organization.
On the Service Home page, click the Organizational Structure menu. You will be taken to the Organizational Structure page.
On the Organization Structure page, click the View Account List button.
After selecting the Account to delete from the Account list, click the More > Delete Account button. The Delete Account popup opens.
- After clicking the Account name of the Account to be deleted, you can also delete it by clicking the Delete Account button on the Account Details page.
After entering the Account name to delete, click the Confirm button.

Reference

When you delete the Account, an Account deletion notification email will be sent to the next user.

Administrator who created the Organization
Root user of the created account
User who has delegation for the created Account

–>

Check Shared Account

You can view the shared Account information in Cloud Control. To check shared account information, follow these steps.

Click the All Services > Management > Cloud Control menu. Navigate to the Service Home page of Cloud Control.

On the Service Home page, click the Shared Account menu. You will be taken to the Shared Account page.

The Shared Account page consists of the Management Account, Log Account, and Audit Account widgets.

Each widget displays the Account name, Account ID, and email information, and clicking the widget name takes you to that Account’s detail page.

Category	Detailed description
Management Account	Account that creates new Accounts and manages billing and access for all Accounts in the organization
Log Account	The account used as the repository for API activity and resource configuration logs collected from all accounts.
Audit Account	A restricted account that enables the security and compliance team to obtain read and write access to all accounts.

Table. Shared Account items

3 - API Reference

API Reference

4 - CLI Reference

CLI Reference

5 - Release Note

Cloud Control

2026.05.21

CHANGED Detection guardrail diagnostic inspection result improvement

The detection guardrail results management screen has been added.
- On the result management screen of the detection guardrail, you can view the diagnostic request result information.

2026.03.19

FEATURE Provide detection guardrail feature

The detection guardrail feature has been added.
- For accounts within the default organizational unit, Config Inspection diagnostics are run automatically every day.
- You can easily view diagnostic results even within the Cloud Control service.

2025.10.23

NEW Official service version release

The official version of the Cloud Control service has been released.
- You can easily and securely build, operate, and manage a multi‑account environment on Samsung Cloud Platform.
- The organization’s cloud governance (security, compliance, standardization, etc.) can be automated and managed through policy violation detection and monitoring functions.