IAM
- 1: Overview
- 2: How-to Guides
- 2.1: User Group
- 2.2: User
- 2.3: Policy
- 2.4: Role
- 2.5: Credential Provider
- 2.6: My Info.
- 2.7:
- 3: API Reference
- 4: CLI Reference
- 5: Release Note
1 - Overview
Service Overview
IAM (Identity and Access Management) is a service that controls the accessible range of services and resources by verifying the identity of registered users on the Samsung Cloud Platform and granting access rights. Administrators can create and manage user, permission group, policy, and role items in detail through IAM.
A new user can be created by the Root user or by a user who has been granted user registration authority by the Root user. Policies cannot be directly granted to users, but by adding users to a user group and linking policies to that user group, specific users can be granted access or management rights to resources. In other words, the tasks that can be performed within an Account vary depending on which user group the user belongs to and which policies are linked to that user group.
Provided Features
IAM provides the following features.
- User Authentication: Provides multi-factor authentication (MFA) when accessing the console and API, and also blocks unauthorized access by only allowing access from permitted IP ranges.
- Access Control: Users are added to user groups based on their tasks to limit their access rights to the parts necessary for their tasks. Administrators can manage and grant custom policies.
- Role Management: You can switch to another role from your account to access the Account.
- Credential Provider: The Console Account can be accessed and used through a credential provider.
- Access Control Policy Management: Creates access control policies for each service, including control/action/resource type and authentication method/IP. This enables the application of the principle of least privilege when granting access rights to cloud resources, allowing for access control based on user.
Component
The user can create and manage user groups, users, and policies through Identity and Access Management(IAM).
User Group
In the user group, you can register users and add policies. You can register users by forming a user group suitable for each task, and grant and manage the same authority to users by linking a policy suitable for the task.
User
The administrator can create users and add them to user groups. The administrator can automatically generate or directly create a user’s password and provide account access information to the user.
User Policy
You can create policies for services provided. Authority management is possible according to control type, applied resources, and authentication type.
Role
A role is a virtual user identity with separate permissions, and is not affected by the permissions of the original user account.
Preceding service
Identity and Access Management(IAM) has no preceding service.
2 - How-to Guides
Users can create and manage user groups, users, policies, and My Info. through Identity and Access Management (IAM).
Getting Started with IAM
- Click on the All Services > Management > IAM menu. This will take you to the Service Home page of IAM.
- On the Service Home page, My Info., Account information, Quick Link, and IAM status are provided as widgets.
| Category | Detailed Description |
|---|---|
| My Info. | The username, email, and user group information of the user logged in to the Samsung Cloud Platform Console. Clicking the More button will take you to the My Info. page |
| Account Information | Provides the user’s Account ID, Account alias, and IAM user login URL if the user is an IAM user |
| Quick Link | Description of My Info. and a button to click to go to the corresponding page. |
| IAM Status | The number of user groups, users, and policies |
Editing Account Alias
You can edit the Account alias in the Service Home > Account widget of IAM.
- Click on the All Services > Management > IAM menu. This will take you to the Service Home page of IAM.
- On the Service Home page, click the Edit button for the Account alias in the Account widget. This will take you to the Edit Account Alias popup window.
- In the Edit Account Alias popup window, confirm the instructions and edit the Account alias, then click the OK button.
Note: After the Account alias is edited, the current alias can no longer be used in the Console login URL. You can use the previous alias again after editing, provided it is not being used by another Account.
Deleting Account Alias
You can delete the Account alias in the Service Home > Account widget of IAM.
- Click on the All Services > Management > IAM menu. This will take you to the Service Home page of IAM.
- On the Service Home page, click the Delete button for the Account alias in the Account widget. This will take you to the Delete Account Alias popup window.
- In the Delete Account Alias popup window, confirm the instructions and click the OK button.
Warning: Deleting the Account alias will prevent IAM users from logging in using the Account alias. The IAM login URL will also be unavailable.
2.1 - User Group
You can create a user group in the Samsung Cloud Platform Console by entering the required information for the user group and selecting detailed options.
Create a user group
To create a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the Create User Group button. This takes you to the Create User Group page.
- Enter the necessary information in the Basic Information Input, Add User, Policy Link, and Additional Information Input areas.
| Classification | Necessity | Detailed Description |
|---|---|---|
| User Group Name | Required | Enter the user group name. Use 3 to 24 characters consisting of Korean, English, numbers, and special characters (`+=,.@-_`). |
| Description | Optional | A detailed description of the user group. Up to 1,000 characters can be entered. |
| User | Optional | Users to add to the user group. The list of users registered in the Account is retrieved, and when a check box is selected, the name of the selected user is displayed at the top of the screen. To cancel a selection, click the X button for that user at the top of the screen or uncheck the check box in the user list. If there are no users to add, click Create User at the bottom of the user list to register a new user first. After user creation is complete, the user list is refreshed and the new user can be selected. For more information on creating a user, see Create User. |
| Policy | Optional | Policies to be linked to the user group. The list of policies registered in the Account is retrieved, and when a check box is selected, the name of the selected policy is displayed at the top of the screen. To cancel a selection, click the X button for that policy at the top of the screen or uncheck the check box in the policy list. If there is no policy to be linked, click Policy Creation at the bottom of the policy list to register a new policy first. After policy creation is complete, the policy list is refreshed and the new policy can be selected. For more information on policy creation, refer to Creating a Policy. |
| Tag | Optional | Tags to add to the user group. Up to 50 tags can be added per resource. |
Table. Input Items for Creating User Group Information
- Click the Complete button. This takes you to the User Group List page.
Check user group detailed information
In the user group, you can check and modify the user group list and detailed information. The User Group Details page consists of Basic Information, Users, Policies, Tags tabs.
To check the detailed information of a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group whose detailed information you want to check. This takes you to the User Group Details page.
- The User Group Details page displays basic information and consists of the Basic Information, User, Policy, and Tag tabs.
Basic Information
You can check the basic information of the user group selected on the User Group List page, and modify the user group name and description if necessary.
| Classification | Detailed Description |
|---|---|
| Service | Service Name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique Resource ID |
| Creator | The user who created the service |
| Creation Time | The time when the service was created |
| Editor | User who modified the service information |
| Revision Time | Time when service information was revised |
| User Group Name | The name of the user group |
| Description | A description of the user group name |
User
You can check the users included in the user group selected on the User Group List page, and add or remove users as needed.
- For more information about users, refer to User.
| Classification | Detailed Description |
|---|---|
| Exclusion | Exclude users from the user group |
| Add User | Add another user to the user group |
| User Name | User’s name |
| User Group | Number of user groups the user belongs to |
| Creation Time | The time when the user was created |
Policy
You can check the policy linking information of the user group selected on the User Group List page, and modify it if necessary.
- Policy details can be found in the policy guide.
| Classification | Detailed Description |
|---|---|
| Release Connection | Release the connection of the selected policy. Activated when a policy is selected from the policy list. For more information, refer to Releasing Policy Connection. |
| Policy Connection | Connect a new policy to the user group. Clicking the button takes you to the Policy Connection page. For more information, refer to Connecting Policy. |
| Policy Name | The name of the policy |
| Policy Type | Type of the connected policy. Basic: basic policy provided by Samsung Cloud Platform. Custom: policy created directly by the user. |
| Description | Description of the policy |
| Creation Time | The time when the policy was created |
| Revision Time | The time when the policy was revised |
Table. User Group Details - Policy Tab Items
Tag
You can check the tag information of the user group selected on the User Group List page, and add, change, or delete tags.
| Classification | Detailed Description |
|---|---|
| Tag List | Tag list |
Managing User Groups
You can change the name of the user group, add users, attach policies, or modify tags. If management of the user group is required, you can perform tasks from the user group list or user group details page.
Modify basic information
You can modify the name and description of the user group. To modify the name and description of a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group whose basic information you want to modify. This takes you to the User Group Details page.
- On the User Group Details page, check the basic information to be modified, and then click the Modify button.
  - User Group Name: You can change the user group name. Clicking the Edit button opens the Edit User Group Name popup window.
  - Description: You can modify the description of the user group. Clicking the Modify button opens the Description Modification popup window.
- In the popup window, enter the new content, then click the Confirm button.
Managing Users
You can add or remove users from the user group.
Add User
To add a user to a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group to which you want to add a user. This takes you to the User Group Details page.
- On the User Group Details page, click the User tab. This takes you to the User tab.
- On the User tab, click the Add User button. This takes you to the Add User page.
- In the User list on the Add User page, select the user you want to add, then click the Complete button. A popup window announcing the addition of the user opens.
| Classification | Detailed Description |
|---|---|
| Added user | Displays the users included in the user group |
| User | Select a user to add to the user group from the list of users registered in the Account |
- In the popup window announcing the user addition, click the Confirm button. You can check the added user in the list on the User tab.
Excluding Users
To exclude a user from a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group from which you want to exclude the user. This takes you to the User Group Details page.
- On the User Group Details page, click the User tab. This takes you to the User tab.
- On the User tab, select the user to be excluded from the retrieved list of users, and click the Exclude User button.
- The selected user is excluded and the user list is retrieved again.
Managing Policies
You can attach a policy to a user group or detach an attached policy.
Connect Policy
To link a policy to a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group to which you want to link the policy. This takes you to the User Group Details page.
- On the User Group Details page, click the Policy tab. This takes you to the Policy tab.
- On the Policy tab, click the Policy Link button. This takes you to the Policy Link page.
- Select the policy to link to the user group, then click the Complete button. A popup window announcing the policy connection opens.
| Classification | Detailed Description |
|---|---|
| Connected Policy | Displays policies directly connected to the user group |
| Policy | Select a policy to be linked to the user group from the list of policies registered in the Account |
- Click the Confirm button in the popup window announcing the policy connection. You can check the connected policy in the list on the Policy tab.
Policy Disconnection
To detach a policy from a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group from which you want to detach the policy. This takes you to the User Group Details page.
- On the User Group Details page, click the Policy tab. This takes you to the Policy tab.
- On the Policy tab, select the policy to be disconnected from the list of policies and click the Disconnect button.
- The selected policy is disconnected and the policy list is retrieved again.
Managing tags
You can modify the tags of the user group. To modify the tags of a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group whose tag information you want to modify. This takes you to the User Group Details page.
- On the User Group Details page, click the Tags tab. This takes you to the Tags tab.
- On the Tags tab, click the Edit Tag button.
- After adding or modifying tags, click the Save button. A popup window announcing the tag modification opens.
  - You can modify the Key and Value of previously registered tags.
  - Click the Add tag button to add a new tag.
  - Click the X button in front of an added tag to delete that tag.
- Click the Confirm button. You can check the modified tag information in the list.
Delete user group
To delete a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- On the User Group List page, click the name of the user group to be deleted. This takes you to the User Group Details page.
- On the User Group Details page, click the Delete User Group button.
- The user group is deleted, and you are taken to the User Group List page.
To delete multiple user groups simultaneously, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User Group menu. This takes you to the User Group List page.
- Check the user groups to be deleted in the user group list.
- Confirm the selected user groups, and click the Delete button.
- The selected user groups are deleted and the User Group List page is refreshed.
2.2 - User
You can create a user in the Samsung Cloud Platform Console by entering the required information and selecting detailed options.
Create User
To create a user, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the Create User button. This takes you to the Create User page.
- On the Create User page, enter the necessary information in the Basic Information Input, Authority Setting, and Additional Information Input areas, then click the Complete button. A popup window announcing user creation opens.
| Classification | Necessity | Detailed Description |
|---|---|---|
| User Name | Required | User’s name |
| Description | Optional | Description of the user name |
| Password | Required | There are two ways to create the password the user will use. |
| Password change setting | Optional | Password change setting for when the user logs in for the first time |
| Add to user group | Optional | Select a user group to include the user in from the list of user groups registered in the Account |
| Policy Direct Connection | Optional | Select a policy to directly connect to the user from the list of policies registered in the Account |
| Tag | Optional | Tags to add to the user group |

| Classification | Detailed Description |
|---|---|
| Account ID | Account ID value |
| User Name | Created user name |
| Password | The password of the authenticated user |
| IAM user login URL | IAM user’s login URL information |
| Excel Download | Download IAM user login information as an Excel file |
| Email transmission | An Excel file containing IAM user login information is sent via email |

Password creation rules:
- Uppercase letters (English), lowercase letters (English), numbers, and special characters (`!@#$%&*^`) must each be included at least once.
- The length is 9~20 characters.
- ID or username cannot be used as a password.
- The same character cannot be used three times or more.
- Easily guessable passwords cannot be used.
- Recently used passwords cannot be used.
- 4 characters or more of consecutive characters/numbers cannot be used.
- The password change cycle is 90 days.
Check user details
In the User menu, you can check and modify the user list and detailed information. The User Details page consists of the Basic Information, User Group, and Tags tabs.
To check the detailed information of a user, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user whose detailed information you want to check. This takes you to the User Details page.
- The User Details page displays basic information and consists of the Basic Info, User, Policy, and Tags tabs.
Basic Information
You can check the basic information of the user selected on the User List page and, if necessary, modify the user’s description and options.
| Classification | Detailed Description |
|---|---|
| Service | Service Name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique Resource ID |
| Creator | The user who created the service |
| Creation Time | The time when the service was created |
| Editor | User who modified the service information |
| Revision Time | Time when service information was revised |
| User Name | The user’s name |
| Last Login | The time when the user last logged in |
| Description | A description of the username |
| Password | The last time the password was changed |
| Password Reuse Restriction | Restricts the reuse of recently used passwords |
| Email Verification Status | |
| Mobile Phone Number | Mobile Phone Number Authentication Status |
User Group
You can check the user groups that the user selected on the User List page belongs to, and add or exclude user groups if necessary.
- For details about user groups, refer to User Group.
| Classification | Detailed Description |
|---|---|
| Exclusion | Exclude the user from the user group |
| Add User Group | Add the user to another user group |
| User Group Name | Name of the user group |
| Connected Policies | Number of policies connected to the user group |
| Description | Description of the user group |
| Revision Time | Time when the user group was revised |
Policy
You can check the policy information of the user selected on the User List page, and add, change, or delete it.
| Classification | Detailed Description |
|---|---|
| Release Connection | Release the connection of the selected policy |
| View more | You can remove the direct connection or exclude the user from the user group |
| Policy Connection | Connect a new policy to the user |
| Policy Name | Policy’s name |
| Type | Type of policy |
| Description | Description of the policy |
| Connection Method | Policy connection method |
| Revision Time | The time when the policy was last revised |
Tag
You can check the tag information of the user selected on the User List page, and add, change, or delete tags.
| Classification | Detailed Description |
|---|---|
| Tag List | Tag list |
Managing Users
You can change the user’s basic information, add a user group, or modify tags. If management of the user is required, you can perform tasks from the user list or user details page.
Modify basic information
You can modify the user’s basic information.
Modify the description
To modify the user’s description, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user whose description you want to modify. This takes you to the User Details page.
- On the User Details page, check the description and click the Edit description button. The Edit Description popup window opens.
- In the Edit Description popup window, change the description, then click the Confirm button.
Modify password
To modify the user’s password, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user whose password you want to modify. This takes you to the User Details page.
- On the User Details page, click the Modify password button. The Password Reset popup window opens.
- After modifying the password, click the Confirm button. The IAM User Login Information popup window opens.
  - Password: There are two ways to set the password.
    - Auto Generation: A random password is generated.
    - Direct Input: The password entered directly by the user is used. It must include at least one of each: uppercase letters (English), lowercase letters (English), numbers, and special characters (`!@#$%&*^`). Refer to the password creation rules.
  - Password change settings: It is recommended to change the password when logging in for the first time after resetting the password.

Password creation rules:
- Uppercase letters (English), lowercase letters (English), numbers, and special characters (`!@#$%&*^`) must each be included at least once.
- The length is 9~20 characters.
- ID or username cannot be used as a password.
- The same character cannot be used three times or more.
- Easily guessable passwords cannot be used.
- Recently used passwords cannot be used.
- 4 characters or more of consecutive characters/numbers cannot be used.
- The password change cycle is 90 days.

- After checking the generated user information, click the Confirm button. The password change is completed.
| Classification | Detailed Description |
|---|---|
| Account ID | Account ID value |
| User Name | Created user name |
| Password | Password of the authenticated user. Click the view icon to check the password. |
| IAM user login URL | IAM user’s login URL information |
| Excel Download | Download IAM user login information as an Excel file |
| Email transmission | An Excel file containing IAM user login information is sent via email. After clicking the button, enter the email address to receive the email. |
Table. IAM user login information items
Restricting password reuse
You can specify how many recent passwords are checked so that recently used passwords cannot be reused. To restrict the reuse of a user’s password, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user whose password reuse restriction you want to modify. This takes you to the User Details page.
- On the User Details page, click the Modify button for the password reuse restriction. The Modify Password Reuse Restriction popup window opens.
  - Password Reuse Restriction: Select the number of recent password history records to check, as a number between 1 and 24.
- Click the Confirm button. You can confirm that the password reuse restriction count has changed.
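The password creation rules listed under Create User and Modify password, together with the reuse restriction above, can be pre-checked as follows. This is an added example, not code from Samsung Cloud Platform; the guessable-password list, the consecutive reading of the "three times" rule, the ascending/descending reading of the "4 consecutive characters" rule, and all function names are assumptions.

```python
import hashlib
import hmac
import string
from datetime import date, timedelta

SPECIALS = "!@#$%&*^"            # special characters listed in the rules
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
MIN_LEN, MAX_LEN = 9, 20
MAX_AGE = timedelta(days=90)     # password change cycle
# Constructed stand-in for the platform's "easily guessable" list (assumption).
GUESSABLE = {"password1!", "qwerty123!", "welcome1!"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def has_triple(password: str) -> bool:
    """True if one character appears three times in a row (assumed reading)."""
    return any(a == b == c for a, b, c in zip(password, password[1:], password[2:]))


def has_sequence(password: str, run: int = 4) -> bool:
    """True if `run` or more letters/digits ascend or descend by one (abcd, 4321)."""
    text = password.lower()      # treat "aBcD" like "abcd" (assumption)
    for step in (1, -1):
        length = 1
        for prev, cur in zip(text, text[1:]):
            if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step:
                length += 1
                if length >= run:
                    return True
            else:
                length = 1
    return False


def check_password(password, username, history=(), reuse_limit=1):
    """Return the names of the violated rules; an empty list means accepted.

    history: newest-first sequence of (salt, hash) pairs of earlier passwords.
    reuse_limit: how many recent passwords to check, between 1 and 24.
    """
    if not 1 <= reuse_limit <= 24:
        raise ValueError("reuse_limit must be between 1 and 24")
    errors = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        errors.append("length")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        errors.append("character classes")
    if password.lower() == username.lower():
        errors.append("same as username")
    if has_triple(password):
        errors.append("repeated character")
    if password.lower() in GUESSABLE:
        errors.append("easily guessable")
    if has_sequence(password):
        errors.append("sequence")
    for salt, digest in list(history)[:reuse_limit]:
        # Constant-time comparison against each remembered hash.
        if hmac.compare_digest(hash_password(password, salt), digest):
            errors.append("recently used")
            break
    return errors


def is_expired(last_changed: date, today: date) -> bool:
    """True once the 90-day password change cycle has passed."""
    return today - last_changed > MAX_AGE
```

Raising `reuse_limit` widens the history window, so a password that passes with a limit of 1 can be rejected with a limit of 2.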
User Group Management
You can add or remove users from a user group.
Add User Group
To add a user to a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user you want to add to a user group. This takes you to the User Details page.
- On the User Details page, click the User Group tab. This takes you to the User Group tab.
- On the User Group tab, click the Add User Group button. This takes you to the Add User Group page.
- In the User Group list on the Add User Group page, select the user group you want to add, then click the Complete button. A popup window announcing the addition of the user group opens.
| Classification | Detailed Description |
|---|---|
| Added user group | Displays the user groups that the user is included in |
| Add to user group | Select a user group to add the user to from the list of user groups registered in the Account |
- Click the Confirm button in the popup window announcing the addition of the user group. You can check the added user group in the list on the User Group tab.
Excluding User Groups
To exclude a user from a user group, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user to be excluded from the user group. This takes you to the User Details page.
- On the User Details page, click the User Group tab. This takes you to the User Group tab.
- On the User Group tab, select the user group to be excluded from the retrieved list of user groups, and click the Exclude User Group button.
- The selected user group is excluded and the user group list is retrieved again.
Managing Policies
You can link a policy to the user or unlink a linked policy.
Connect Policy
You can link policies to a user by including the user in a user group, or by linking policies directly to the user.
To link a policy to a user, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user to whom you want to link the policy. This takes you to the User Details page.
- On the User Details page, click the Policy tab. This takes you to the Policy tab.
- On the Policy tab, click the Policy Link button. This takes you to the Policy Link page.
- Select the user group and policy to connect to the user, then click the Complete button. A popup window announcing the policy connection opens.
| Classification | Detailed Description |
|---|---|
| Added user group | Displays the user groups that the user is included in |
| Add to user group | Select a user group connected to the policy to be used from the list of user groups registered in the Account. When you select a check box, the name of the selected user group is displayed at the top of the list. To cancel a selection, click the X button for the added user group name at the top of the list or uncheck the check box in the user group list. If the desired user group is not available, click the Create User Group item at the bottom of the user group list to register a new user group first. After creating a user group, you can refresh the user group list and select the created user group. For more information on creating a user group, see Creating a User Group. |
| Directly Linked Policies | Displays policies directly linked to the user |
| Policy Direct Connection | Select a policy to directly connect to the user from the list of policies registered in the Account. When you select a check box, the name of the selected policy is displayed at the top of the list. To cancel a selection, click the X button at the top of the list or uncheck the check box in the policy list. If there is no policy to connect, click the Create Policy item at the bottom of the policy list to register a new policy first. After policy creation is complete, you can refresh the policy list and select the created policy. For more information on policy creation, see Create Policy. |
Table. Policy Link Details
- Click the Confirm button in the popup window announcing the policy connection. You can check the connected policy in the list on the Policy tab.
Policy Disconnection
You can release the policies connected to the user.
To release a policy linked to the user, follow the procedure below.
- Click the All Services > Management > IAM menu. This takes you to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. This takes you to the User List page.
- On the User List page, click the name of the user from whom you want to detach the policy. This takes you to the User Details page.
- On the User Details page, click the Policy tab. This takes you to the Policy tab.
- In the policy list, select the policy to disconnect, then click the Disconnect button. A popup window announcing the disconnection opens.
  - Clicking the More button lets you either disable the directly connected policy or exclude only the user group that the user is included in.
- After checking the information of the policy to be disconnected, click the Confirm button. The policy is disconnected.
Managing tags
You can modify the user's tags. To modify a user's tags, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. You move to the User List page.
- On the User List page, click the name of the user whose tag information you want to modify. You move to the User Details page.
- On the User Details page, click the Tags tab. You move to the Tags tab.
- On the Tags tab, click the Edit Tag button.
- After adding or modifying the tag, click the Save button. A pop-up window announcing the tag modification opens.
- You can modify the Key and Value of a previously registered tag.
- Click the Add tag button to add a new tag.
- Clicking the X button in front of an added tag deletes that tag.
- Click the Confirm button. You can check the modified tag information in the list.
Delete user
To delete a user, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. You move to the User List page.
- On the User List page, click the name of the user to be deleted. You move to the User Details page.
- On the User Details page, click the Delete User button.
- The user is deleted, and you move to the User List page.
To delete multiple users at the same time, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the User menu. You move to the User List page.
- Check the users to be deleted in the user list.
- Confirm the selected users, and click the delete button.
- The selected users are deleted and the User List page is reloaded.
2.3 - Policy
The user can enter the required information of the policy and select detailed options through the Samsung Cloud Platform Console to create the corresponding service.
Create a policy
To create a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the Create Policy button. You move to the Create Policy page.
- In the Basic Information Input and Additional Information Input areas, enter the required information, then click the Next button. You move to the Permission Setting area.
| Classification | Mandatory | Detailed Description |
|---|---|---|
| Policy Name | Required | Enter the policy name. Use Hangul, English, numbers, and special characters (+=,.@-_) to enter a value between 3 and 128 characters |
| Description | Optional | A detailed description of the policy name. Up to 1,000 characters can be entered |
| Tag | Optional | Tags to add to the policy. Up to 50 tags can be added per resource |

Table. Policy Creation Information Input Items - Basic Information and Additional Information
- Select the service for which you want to set permissions. The permission settings item will be displayed under the name of the selected service.
- You can select the desired service or set up all services.
- In the Permission Setting area, enter the required information.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Control Type | Required | Select the policy control type. Allow policy: a policy that allows the defined permissions. Deny policy: a policy that denies the defined permissions |
| Action | Required | Select the actions provided for each service. Actions that allow individual resource selection are displayed in purple. Actions that target all resources are displayed in black. Add Action Directly: multiple actions can be specified at once using the wildcard * |
| Applied Resource | Required | Resource to which the action is applied. All Resources: apply to all resources for the selected action. Individual Resource: apply only to the specified resource for the selected action. Individual Resource is available only when a purple action (one that allows individual resource selection) is selected. Click the Add Resource button to specify the target resource by resource type. For more information on Add Resource, see Registering individual resources as applied resources |
| Authentication Type | Required | Authentication method for the target users to apply the policy. All Authentication: applies regardless of authentication method. API Key Authentication: applies to users who use API key authentication. Session Key Authentication, Console Login: applies to users who use session key authentication or console login |
| Applied IP | Required | IP that allows policy application. Custom IP: IP that users directly register and manage. Under Custom IP, Applied IP is the IP that users directly register and apply policies to, registered in IP address or range format, and Excluded IP is the IP to be excluded from Applied IP, registered in IP address or range format. All IP: does not restrict IP access. Access is allowed from all IPs, but if an exception is needed, Excluded IP can be registered to restrict access for the registered IPs |
| Additional Conditions | Optional | Add conditions for Attribute-Based Access Control (ABAC). Condition Key: select from the Global Condition Key and Service Condition Key lists. Qualifier: Default, Any value in request, All values in request. Operator: Bool, Null. Value: True, False |

Table. Policy Creation Information Input Items - Authority Settings
The authority settings provide Basic Mode and JSON Mode.
- When you enter JSON Mode or move to another screen after writing in Basic Mode, identical services are integrated into one and services with incomplete settings are deleted.
- Content written in JSON Mode that does not match JSON format cannot be converted to Basic Mode.
- In the Authority Setting area, first select the service for which to set the authority.
- Policy Import allows you to create a policy by importing an existing registered policy. For more information on Policy Import, refer to Policy Import.
- Click the Next button. You move to the Input Information Confirmation page.
- Check the input information and click the Complete button. You move to the Policy List page.
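The permission settings above combine an action pattern, applied resources, an authentication type, and an Applied IP / Excluded IP pair. The following added example (not Samsung Cloud Platform code, and not the JSON Mode schema) models one such statement to show how Excluded IP carves addresses out of Applied IP or All IP, and to flag Allow statements that leave every dimension open. The field names, action names, and resource identifiers are constructed, "range format" is assumed to be CIDR, and the way the platform combines Allow and Deny policies is not modelled.

```python
import ipaddress
import re

# Constructed statement model for illustration only. Field names are
# assumptions and do not reproduce the platform's JSON Mode format.
ALL = "ALL"  # stands for All Resources / All Authentication / All IP


def wildcard_match(pattern, value, allow_question=False):
    """Match `*` (any run of characters) and, optionally, `?` (one character)."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?" and allow_question:
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.fullmatch("".join(parts), value) is not None


def ip_in_scope(source_ip, applied, excluded=()):
    """Applied IP minus Excluded IP; `applied` is ALL or a list of entries.

    Assumption: single addresses or CIDR ranges. Excluded IP is checked
    first, so it also restricts a statement that uses All IP.
    """
    addr = ipaddress.ip_address(source_ip)

    def contains(entries):
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

    if contains(excluded):
        return False
    return applied == ALL or contains(applied)


def statement_applies(stmt, request):
    """True when action, resource, authentication type and IP all cover the request."""
    if not any(wildcard_match(p, request["action"]) for p in stmt["actions"]):
        return False
    if stmt["resources"] != ALL and not any(
        wildcard_match(p, request["resource"], allow_question=True)
        for p in stmt["resources"]
    ):
        return False
    if stmt["auth_type"] != ALL and stmt["auth_type"] != request["auth_type"]:
        return False
    return ip_in_scope(
        request["source_ip"], stmt["applied_ip"], stmt.get("excluded_ip", ())
    )


def broad_allow_findings(stmt):
    """Least-privilege review: dimensions an Allow statement leaves unrestricted."""
    if stmt["control"] != "Allow":
        return []
    findings = []
    if any("*" in a for a in stmt["actions"]):
        findings.append("wildcard action")
    if stmt["resources"] == ALL:
        findings.append("all resources")
    if stmt["auth_type"] == ALL:
        findings.append("all authentication")
    if stmt["applied_ip"] == ALL and not stmt.get("excluded_ip"):
        findings.append("all IP")
    return findings


# Constructed sample statements (hypothetical action and resource names).
SAMPLE_ALLOW = {
    "control": "Allow",
    "actions": ["compute:List*"],
    "resources": ["server/web-0?"],
    "auth_type": "api_key",
    "applied_ip": ["198.51.100.0/24"],
    "excluded_ip": ["198.51.100.77"],
}
SAMPLE_BROAD = {
    "control": "Allow",
    "actions": ["*"],
    "resources": ALL,
    "auth_type": ALL,
    "applied_ip": ALL,
}

if __name__ == "__main__":
    request = {
        "action": "compute:ListServers",
        "resource": "server/web-01",
        "auth_type": "api_key",
        "source_ip": "198.51.100.10",
    }
    print(statement_applies(SAMPLE_ALLOW, request))
    print(statement_applies(SAMPLE_ALLOW, {**request, "source_ip": "198.51.100.77"}))
    print(broad_allow_findings(SAMPLE_BROAD))
```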
Policy Import
You can import existing policies and refer to them when creating policies. To import an existing policy, follow these steps.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the Create Policy button. You move to the Create Policy page.
- In the Basic Information Input and Additional Information Input areas, enter the necessary information.
- Click the Next button. You move to the Permission Settings area.
- Click the Policy Import button. The Policy Import pop-up window opens.
- The list of policies registered in the Account is retrieved. Select the policy you want to import and click Confirm.
- The imported policy is entered in the permission setting area and can be edited.
Registering individual resources as applied resources
In the Authority Setting area, you can register individual resources as applied resources. To register individual resources as applied resources, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the Create Policy button. You move to the Create Policy page.
- In the Basic Information Input and Additional Information Input areas, enter the necessary information.
- Click the Next button. You move to the Permission Settings area.
- In the Authorization settings area, select the service for which to set authorization.
- In Action selection, select an Action that allows Individual Resource selection.
- Actions that allow individual resource selection are displayed in purple.
- In Applied Resources, click Individual Resource.
- Click the Resource Addition button. The Resource Addition pop-up window opens.
- On the Resource Addition tab, add the resources to which the policy applies. Resources can be added in two ways: Resource Selection and Direct Input.
- Resource Selection: Check and select resources retrieved by resource type.
- Direct Input: Add the target resource by entering it directly by resource type.
- The wildcards * and ? can be used.
- If Select all is checked, all resources of the corresponding resource type are added, and resources added afterwards are also automatically included.
- Check the input information and click the Confirm button.
Check policy details
In Policy, you can check and modify the policy list and detailed information. The policy details page consists of the basic information, permissions, connected targets, and tags tabs.
To check the detailed information of the policy service, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy whose detailed information you want to check. You move to the Policy Details page.
- The Policy Details page displays basic information and consists of the Basic Information, Authorities, Connection Targets, and Tags tabs.
Basic Information
On the Policy List page, you can check the basic information of the selected policy and modify the policy name and description if necessary.
| Classification | Detailed Description |
|---|---|
| Service | Service Name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique Resource ID |
| Creator | The user who created the service |
| Creation Time | The time when the service was created |
| Editor | User who modified the service information |
| Revision Time | The time when service information was revised |
| Policy Name | The name of the policy |
| Policy Type | Type of policy |
| Description | Description of the policy name |
Authority
On the Policy List page, you can check the authority information of the selected policy and modify the authority if necessary.
- Click the unfold button next to the name of the service whose authority information you want to check. The detailed policy information is displayed.
| Classification | Detailed Description |
|---|---|
| Modify Authority | Authority modification is possible |
| View Mode | Policy Control Type |
| Control Type | Policy Control Type |
| Action | Functions provided for each service that is the target of the policy |
| Applied Resource | Resource to which the action is applied |
| Authentication Type | Authentication method for the target users to apply the policy |
| Applied IP | IP that allows policy application |
Connection target
On the Policy List page, you can check the user groups registered for the selected policy, and add or exclude user groups as needed.
- For details on user groups, refer to User Group.
| Classification | Detailed Description |
|---|---|
| User | List of users connected to the policy |
| User Group | List of user groups linked to the policy |
| Role | Display a list of roles linked to the policy |
Tag
On the Policy List page, you can check the tag information of the selected policy, and add, change, or delete it.
| Classification | Detailed Description |
|---|---|
| Tag List | Tag list |
Managing Policies
You can change the name of the policy, or modify permissions, connection targets, or tags. If management of policies is required, you can perform tasks from the policy list or policy details page.
Modify basic information
You can modify the name and description of the policy. To modify the policy name and description, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy whose basic information you want to modify. You move to the Policy Details page.
- On the Policy Details page, check the basic information to be modified, and then click the Modify button.
- Policy Name: You can change the policy name. When you click the Edit button, the Edit Policy Name pop-up window opens.
- Description: You can modify the description of the policy. When you click the Modify button, the Description Modification pop-up window opens.
- Modify the content to be changed in the pop-up window, then click the Confirm button.
Managing Permissions
You can modify the authority of the policy. To modify the authority of the policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy whose authority you want to modify. You move to the Policy Details page.
- On the Policy Details page, click the Authority tab. You move to the Connection Authority tab.
- On the Policy Details page, click the Edit Permissions button. You move to the Edit Permissions page.
- On the Modify Authority page, modify the necessary authority, then click the Next button. You move to the Check Input Information page.
- For a detailed description of each item in the authorization information, refer to Creating a Policy.
- On the Input Information Confirmation page, confirm the modified authority information and click the Complete button. You move to the Authority tab.
Managing User Connections
- On the Policy > Connected Targets tab, you can check the users registered in the policy and connect or disconnect users as needed.
- For more information about users, refer to User.
Connect User
To connect a user to a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy to which you want to link the user. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, click the User Connection button. You move to the User Connection page.
- In the User list on the User Connection page, select the user you want to connect, then click the Complete button. A pop-up window announcing the user connection opens.
| Classification | Detailed Description |
|---|---|
| Connected User Group | Display users connected to the policy |
| User Group | Select a user to link the policy from the list of users registered in the Account |
Disconnecting the user
To disconnect a user linked to the policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy from which you want to disconnect the user. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, select the user to disconnect from the list of user groups, then click the Disconnect button. A pop-up window notifying disconnection opens.
- Click the Confirm button in the pop-up window notifying disconnection. The connection of the selected user is released and the user group list is refreshed.
Managing User Group Connections
- On the Policy > Connected Targets tab, you can check the user groups registered in the policy, and connect or disconnect user groups as needed.
- User Group details can be found in the User Group guide.
Connect User Group
To link a user group to a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy to which you want to link the user group. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, click the User Group Connection button. You move to the User Group Connection page.
- On the User Group Linking page, select the user group you want to link from the User Group list, then click the Complete button. A pop-up window announcing the user group connection opens.
| Classification | Detailed Description |
|---|---|
| Connected User Group | Displays the user group connected to the policy |
| User Group | Select a user group to link the policy from the list of user groups registered in the Account |
Disconnecting User Groups
To disconnect a user group connected to the policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy from which you want to release the user group link. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, select the user group to disconnect from the list of user groups, then click the Disconnect button. A pop-up window notifying disconnection opens.
- Click the Confirm button in the pop-up window notifying disconnection. The connection of the selected user group is released and the user group list is refreshed.
Role Connection Management
- On the Policy > Connected Targets tab, you can check the roles registered in the policy, and connect or disconnect roles as needed.
- Role details can be found in the role guide.
Connecting Roles
To link a role to a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy to which you want to link the role. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, click the Role Binding button. You move to the Role Binding page.
- In the Role list on the Role Connection page, select the role you want to connect, then click the Complete button. A pop-up window announcing the role connection opens.
| Classification | Detailed Description |
|---|---|
| Connected Role | Display roles connected to the policy |
| Role | Select a role to link policies from the list of roles registered in the Account |
Disconnecting Roles
To disconnect a role connected to a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy from which you want to release the role link. You move to the Policy Details page.
- On the Policy Details page, click the Connection Target tab. You move to the Connection Target tab.
- On the Connection Target tab, select the role to disconnect from the list of roles and click the Disconnect button. A pop-up window notifying disconnection opens.
- Click the Confirm button in the pop-up window notifying disconnection. The connection of the selected role is released and the role list is refreshed.
Tag management
You can modify the tags of the policy.
To modify tags in the policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the policy name to add a user. You move to the Policy Details page.
- On the Policy Details page, click the Tags tab. You move to the Tags tab.
- On the Tags tab, click the Edit Tag button.
- After adding or modifying the tag, click the Save button. A pop-up window announcing the tag modification opens.
- You can modify the Key and Value of a previously registered tag.
- Click the Add tag button to add a new tag.
- Clicking the X button in front of an added tag deletes that tag.
- Click the Confirm button. You can check the modified tag information in the list.
Policy deletion
To delete a policy, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- On the Policy List page, click the name of the policy to be deleted. You move to the Policy Details page.
- On the Policy Details page, click the Delete Policy button.
- The policy is deleted, and you move to the Policy List page.
To delete multiple policies at the same time, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Policy menu. You move to the Policy List page.
- Select the policies to delete from the policy list.
- Confirm the selected policies and click the policy deletion button.
- The selected policies are deleted and the Policy List page is reloaded.
2.4 - Role
The user can create a role with separate permissions and switch from their own account to another role to access the Account.
Creating a role
To create a role, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the Create Role button. You move to the Create Role page.
- On the Role Creation page, enter the information for role creation, then click the Complete button.
- Enter the Basic Information Input items.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Role Name | Required | Enter the name of the role. Use English letters, numbers, and special characters (+=-_@,.) to enter within 64 characters |
| Description | Optional | Enter a description of the role within 1,000 characters |
| Maximum session persistence time | Required | Enter the session time allowed for the user when switching roles in the console. Time selection: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours. Job input: Input possible in seconds from 3,200 seconds (1 hour) to 43,200 seconds (12 hours) |

Table. Basic Information Items for Role Creation
- Connect the Execution Entity.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Classification | Required | Select the performing entity: Current Account, Different Account, User SRN, Credential Provider, Service |
| Value | Required | Enter the value for the performing entity. Current Account: displays the current Account ID. Different Account: enter the Account ID to use this role. User SRN: enter the SRN of the user registered in the Console. Credential Provider: select the credential provider name. Service: select Virtual Server or Cloud Functions |
| Add | Optional | Button to add the performing entity. Up to 20 additional connections are possible |

Table. Role Creation Performing Subject Connection Items
- Connect the policy.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Policy | Required | Select a policy to link to the role. If you select the check box, the selected policy name is displayed at the top of the list. You can cancel the policy by clicking the X button for the added policy name at the top of the list or by unchecking the check box in the policy list. If there is no policy to link, you can click the Create Policy item at the bottom of the policy list to register a new policy first. After policy creation is complete, you can refresh the policy list and select the created policy. For more information on policy creation, see Create Policy |

Table. Role Creation Policy Link Items
- Enter the additional information.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Tag | Optional | Tags to add to the role. Up to 50 tags can be added per resource |

Table. Role Creation Additional Information Items
- When the pop-up window notifying role creation opens, click the Confirm button.
Check detailed role information
On the Role List page, you can check and modify the detailed information of the selected role.
To check the detailed information of the role, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the identity provider to verify. You move to the Identity Provider Details page.
- The Role Details page displays basic information and consists of the Basic Information, Performing Entity, Policy, and Tag tabs.
Basic Information
You can check and modify the basic information of the role.
| Classification | Detailed Description |
|---|---|
| Service | Service Name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique Resource ID |
| Creator | The user who created the service |
| Creation Time | The time when the service was created |
| Modifier | User who modified the service information |
| Revision Time | The time when service information was revised |
| Role Name | Role’s Name |
| Description | Description of the role proof provider |
| Maximum session duration | The role session duration allowed for an IAM user switching roles in the Console |
Performing Entity
You can check and manage the performing entity of the role.
| Classification | Detailed Description |
|---|---|
| Division | Name of the executing entity |
| Value | Value of the performing entity |
| Modify Executor | Modify the executor button |
Policy
| Classification | Detailed Description |
|---|---|
| Disconnect | Disconnects the selected policy from the role |
| Policy Connection | Connect a new policy to the role |
| Policy Name | Policy’s Name |
| Type | Type of Policy |
| Description | Description of the policy |
| Modification Time | The time when the policy was last modified |
Tag
You can check, add, change, or delete the tag information of the credential provider.
| Classification | Detailed Description |
|---|---|
| Tag List | Tag list |
Managing Roles
You can change the basic information of the role, or modify or delete the performing entity, connected policies, or tag information of the role.
Modify basic information
You can modify the maximum session persistence time and description in the role details. To modify the basic information, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the user role name whose basic information you want to modify. You move to the Role Details page.
- On the Role Details page, check the basic information to be modified, and then click the Modify button.
- Maximum session duration: You can set the role session duration allowed for an IAM user switching roles in the Console. When you click the Edit button, the Edit maximum session duration pop-up window opens.
- Description: You can modify the description of the role. When you click the Modify button, the Description Modification pop-up window opens.
- Modify the content to be changed in the pop-up window, then click the Confirm button.
Managing the Performing Entity
You can add, modify, or delete the performing entity of the role.
To manage the performing entity of a role, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the user name to modify the performing entity. You move to the Role Details page.
- On the Role Details page, click the Performing Entity tab. You move to the Performing Entity tab.
- On the Execution Entity tab, click the Modify Execution Entity button. You move to the Modify Execution Entity page.
- On the Modify Execution Entity page, modify the performing entity, then click the Complete button. A pop-up window announcing the modification of the performing entity opens.

| Classification | Mandatory | Detailed Description |
|---|---|---|
| Classification | Required | Select the performing entity |
| Value | Required | Enter the value for the performing entity |
| Add | Optional | Button to add the performing entity |

- Click the Confirm button in the pop-up window notifying the modification of the performing entity. You can check the modified performing entity in the list of the Performing Entity tab.
Managing Policies
You can link policies to roles or unlink linked policies.
Connect Policy
You can link policies to a role.
To link a policy to a role, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the name of the role to which you want to link the policy. You move to the User Detail page.
- On the Role Details page, click the Policy tab. You move to the Policy tab.
- On the Policy tab, click the Policy Link button. You move to the Policy Link page.
- After selecting the policy to be linked to the role, click the Complete button. A pop-up window announcing the policy connection opens.

| Classification | Detailed Description |
|---|---|
| Connected Policy | Displays the policy connected to the role |
| Policy | Select a policy to be linked to the role from the list of policies registered in the Account. When you select a check box, the selected policy name is displayed at the top of the list. The selected policy can be canceled by clicking the X button at the top of the list or by unchecking the check box in the policy list. If there are no policies to link, click the Create Policy item at the bottom of the policy list to register a new policy first. After policy creation is complete, you can refresh the policy list and select the created policy. For more information on policy creation, see Create Policy |

Table. Policy Link Details
- Click the Confirm button in the pop-up window notifying policy connection. You can check the connected policy in the list of the Policy tab.
Policy Disconnecting
You can release the policies connected to the user.
To release the policy linked to the user, follow the procedure below.
- Click the All services > Management > IAM menu. You move to the Service Home page of Identity and Access Management (IAM).
- On the Service Home page, click the Role menu. You move to the Role List page.
- On the Role List page, click the name of the role whose policy link you want to disconnect. You move to the Role Details page.
- On the Role Details page, click the Policy tab. You move to the Policy tab.
- In the policy list, select the policy to disconnect, then click the Disconnect button. A pop-up window notifying disconnection opens.
- After checking the policy information to be disconnected, click the Confirm button. The policy is disconnected.
Managing tags
You can add, modify, or delete the role’s tag.
To manage the role’s tags, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Role menu. The Role List page opens.
- On the Role List page, click the name of the role whose tags you want to modify. The Role Details page opens.
- On the Role Details page, click the Tags tab. The Tags tab opens.
- On the Tags tab, click the Edit Tag button.
- After adding or modifying the tag, click the Save button. A pop-up window announcing the tag modification opens.
- You can modify the Key and Value of a previously registered tag.
- Click the Add tag button to add a new tag.
- Click the X button in front of an added tag to delete it.
- Click the Confirm button. You can check the modified tag information in the list.
Switching roles
To switch roles in the Samsung Cloud Platform Console, follow this procedure.
- Click the profile-shaped button at the top right of the Console. The My menu pop-up window opens.
- In the My menu pop-up window, click the Role Switching button. The Role Switching pop-up window opens.
- In the Role Switching pop-up window, enter the role switching information and click the Confirm button.
| Classification | Mandatory | Detailed Description |
|---|---|---|
| Account ID | Required | Enter the Account ID that the user wants to enter with role switching |
| Role Name | Required | Enter the role name that the user wants to enter through role switching |
| Alias | Optional | Name to be used when the user enters with role switching |
| Color | Required | Select a color to use as the background of the Account when entering the role. Not selected: the existing Account background color is applied |
Table. Role Switching Information Items
- When the pop-up window notifying role switching opens, click the Confirm button.
Check the role
In the Console, you can check the switched role information by clicking the profile-shaped button at the top right.
| Provided Function | Description |
|---|---|
| Account ID | Account ID logged in to Samsung Cloud Platform Console |
| Role Name | Alias set when switching roles |
| Time Zone | Time zone set by the user |
| Account | Account information |
| Cost Management | You can check the usage and billing details, payment history, and cost analysis, and manage Credits, budgets, Accounts, and payment methods |
| Login user information | Role switched IAM user name and user’s Account ID |
| Switch to my account | Switch to the IAM user account and move to the Console Home page |
| Role Switching | Can be switched to another role |
| Log out | Log out from Samsung Cloud Platform Console |
Delete role
To delete a role, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Role menu. The Role List page opens.
- On the Role List page, click the name of the role to be deleted. The Role Details page opens.
- On the Role Details page, click the Delete Role button.
- The role is deleted, and the Role List page opens.
To delete multiple roles at the same time, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Role menu. The Role List page opens.
- In the role list, check the roles to be deleted.
- Confirm the selected roles, and click the Delete Role button.
- The selected roles are deleted and the Role List page is refreshed.
2.5 - Credential Provider
You can access and use the Account resources through a credential provider.
Creating a Credential Provider
To create a credential provider, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Credential Provider menu. The Credential Provider List page opens.
- On the Credential Provider List page, click the Create Credential Provider button. The Create Credential Provider page opens.
- In the Basic Information Input and Additional Information Input areas, enter the information and click the Confirm button.
| Classification | Mandatory | Detailed Description |
|---|---|---|
| Credential Provider Name | Required | Name of the credential provider |
| Description | Optional | Enter a description of the credential provider within 1,000 characters |
| Type | Required | Select the type of credential provider |
| Metadata | Optional | Attach a metadata file provided by the IdP by clicking the File Attach button; only one file can be uploaded |
| Tag | Optional | Tags to be added to the credential provider |
- When the pop-up window notifying the creation of a credential provider opens, click the Confirm button.
Check the details of the credential provider
You can check and modify the credential provider details. The Credential Provider Details page consists of the Basic Information and Tags tabs.
To check the detailed information of a credential provider, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Credential Provider menu. The Credential Provider List page opens.
- On the Credential Provider List page, click the credential provider to check. The Credential Provider Details page opens.
- The Credential Provider Details page displays basic information and consists of the Basic Information tab and the Tags tab.
Basic Information
You can check and modify the basic information of the credential provider.
| Classification | Detailed Description |
|---|---|
| Service | Service Name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique Resource ID |
| Creator | User who created the service |
| Creation Time | The time when the service was created |
| Editor | User who modified the service information |
| Revision Time | The time when service information was revised |
| Credential Provider Name | Credential provider’s name |
| Type | The type of credential provider |
| Description | Description of the credential provider |
| Login URL | Login URL |
| Metadata | Metadata |
Tag
You can check, add, change or delete the tag information of the credential provider.
| Category | Detailed Description |
|---|---|
| Tag List | Tag list |
Deleting Credential Providers
To delete a credential provider, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Credential Provider menu. The Credential Provider List page opens.
- On the Credential Provider List page, click the name of the credential provider to be deleted. The Credential Provider Details page opens.
- On the Credential Provider Details page, click the Delete Credential Provider button.
- The credential provider is deleted, and the Credential Provider List page opens.
To delete multiple credential providers at the same time, follow these steps.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the Credential Provider menu. The Credential Provider List page opens.
- In the credential provider list, check the credential providers to be deleted.
- Confirm the selected credential providers and click the Delete Credential Provider button.
- The selected credential providers are deleted and the Credential Provider List page is refreshed.
2.6 - My Info.
My Info. provides the function of managing the user’s basic information and authentication key.
Check My Info.
On the My Info. screen, the user can check and change the user’s basic information and manage the authentication key.
To check the information in My Info., follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- The My Info. page displays basic information and consists of the basic information, user, policy, and tag tabs.
Basic Information
On the My Info. > Basic Information tab, you can check the user’s basic information and, if necessary, modify the email, password, mobile phone number, password reuse restriction, and time zone.
| Classification | Detailed Description |
|---|---|
| User Name | User’s Name |
| SRN | user’s SRN |
| User’s Email | |
| Mobile Phone Number | User’s Mobile Phone Number |
| Password | User’s password |
| Password Reuse Limit | Number of password reuse limits for users |
| Time Zone | User’s Time Zone |
| Terms of Service | User’s Name |
Key Management
On the My Info. > Authentication Key Management tab, you can check the user’s authentication key information and create an authentication key if necessary.
| Classification | Detailed Description |
|---|---|
| Authentication Key | Authentication key created by user |
| Security Settings | Security settings for authentication key |
Access IP Control
On the My Info. > Access IP Control tab, you can register and manage accessible IPs.
| Classification | Detailed Description |
|---|---|
| Console access IP control | Whether to use the access IP control function |
| Access IP List | List of IPs that can access the Console |
- The access IP control function can be used only by Root users and IAM users. It cannot be used by ID Center and roles.
- You can add and manage IPs even if you don’t use the access IP control feature.
Basic Information Modification
On the My Info. > Basic Information tab, you can modify the email, password, mobile phone number, password reuse restriction, and time zone.
Editing email
You can modify the user’s email. To modify the user’s email, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the Basic Information tab of the My Info. page, click Edit Email. The Edit Email pop-up window opens.
- In the Edit Email pop-up window, enter the characters displayed for auto-input prevention and click the Confirm button.
- Enter the email and click the Authentication button. An authentication number is sent to the entered email.
- Enter the authentication number sent to the entered email and click the Confirm button.
- In the Edit Email pop-up window, click the Confirm button. The Password Confirmation pop-up window opens.
- In the Password Confirmation pop-up window, enter the password, then click the Confirm button. The Basic Information tab opens.
Modify password
You can modify the user’s password. To modify the user’s password, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the Basic Information tab of the My Info. page, click Modify Password. The Password Change pop-up window opens.
- In the Password Change pop-up window, enter Existing Password, New Password, and Password Confirmation.
- In the Password Change pop-up window, click the Confirm button. The Basic Information tab opens.
Precautions when changing password
- Uppercase letters (English), lowercase letters (English), numbers, and special characters (!@#$%&*^) must each be included at least once.
- The length is 9~20 characters.
- ID or username cannot be used as a password.
- The same character cannot be used three times or more.
- Easily guessable passwords cannot be used.
- Recently used passwords cannot be used.
- 4 characters or more of continuous characters/numbers cannot be used.
- The password change cycle is 90 days.
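The composition rules above can be checked before a password is submitted, for example in a provisioning script. The following is an added example, not Samsung Cloud Platform code; `check_password` and `has_sequence` are hypothetical names, and it assumes that "three times or more" means three in a row, that "continuous" means ascending or descending runs compared case-insensitively, and that the ID rule forbids containing the ID. The guessable-password and recently-used rules need server-side data and are not modelled.

```python
import re

SPECIALS = "!@#$%&*^"  # special characters listed in the precautions above


def has_sequence(text, length=4):
    """True if text holds `length` or more letters/digits in ascending or
    descending order (abcd, 4321). Checking both directions is an assumption."""
    for step in (1, -1):
        run = 1
        for prev, cur in zip(text, text[1:]):
            if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step:
                run += 1
                if run >= length:
                    return True
            else:
                run = 1
    return False


def check_password(password, user_id="", username=""):
    """Return the list of composition rules that the candidate violates."""
    problems = []
    if not 9 <= len(password) <= 20:
        problems.append("length")
    classes = {
        "uppercase": r"[A-Z]",
        "lowercase": r"[a-z]",
        "digit": r"[0-9]",
        "special": "[" + re.escape(SPECIALS) + "]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing-" + name)
    lowered = password.lower()
    for ident in (user_id, username):
        # Assumption: a password that contains the ID or username is rejected.
        if ident and ident.lower() in lowered:
            problems.append("contains-id")
            break
    if re.search(r"(.)\1\1", password):  # same character three times in a row
        problems.append("repeat")
    if has_sequence(lowered):
        problems.append("sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Tr7&kvQz!pL2", "Passw0rd!abcd", "Goood#Pass91x"):
        print(candidate, check_password(candidate, user_id="alice"))
```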
Modify phone number
You can modify the user’s mobile phone number. To modify the user’s mobile phone number, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the Basic Information tab of the My Info. page, click the Change Mobile Phone Number button. The Change Mobile Phone Number pop-up window opens.
- In the Change Mobile Phone Number pop-up window, enter the characters shown for auto-input prevention and click the Confirm button.
- Enter the phone number and click the Verify button. An authentication number is sent to the entered phone number.
- Enter the authentication number sent to the entered mobile phone number and click the Confirm button.
- In the Change Mobile Phone Number pop-up window, click the Confirm button. The Password Confirmation pop-up window opens.
- In the Password Confirmation pop-up window, enter the password and click the Confirm button. The Basic Information tab opens.
Modify password reuse restrictions
You can modify the number of times a user’s password can be reused. To modify the number of times a user’s password can be reused, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the Basic Information tab of the My Info. page, click Modify Password Reuse Restriction. The Password Reuse Restriction Modification pop-up window opens.
- In the Password Reuse Restriction Modification pop-up window, select the number of recently used passwords that cannot be reused.
- In the Password Reuse Restriction Modification pop-up window, click the Confirm button. The Basic Information tab opens.
Modifying the Time Zone
You can modify the user’s time zone. To modify the user’s time zone, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the Basic Information tab of the My Info. page, click Modify Time Zone. The Time Zone Modification pop-up window opens.
- In the Time Zone Modification pop-up window, select the user’s time zone.
- In the Time Zone Modification pop-up window, click the Confirm button. The Basic Information tab opens.
Managing authentication keys
On the My Info. > Authentication Key Management tab, you can generate authentication keys and manage security settings.
Creating an authentication key
You can generate the user’s authentication key. To generate the user’s authentication key, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Key Management tab. The Key Management tab opens.
- On the API Key Management tab, click the Generate API Key button. The Generate API Key page opens.
- On the Generate Authentication Key page, enter the expiration period and usage.
- The expiration period can be entered as a number from 1 to 365.
- Selecting permanent as the expiration period allows permanent use.
- Check the authentication key creation information and click the Confirm button. The Authentication Key Management tab opens.
- The authentication key can only be created up to 2 times.
- After generating a new authentication key, you must apply the changed API authentication key to the service you are using.
- In the security settings, you can set the authentication method and whether to use the allowed access IP setting.
- You can call the API with the generated authentication key to issue a temporary key, and up to 5 can be issued per authentication key.
Check the details of the authentication key
To view the detailed information of the authentication key, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Key Management tab. The Key Management tab opens.
- On the Authentication Key Management tab, click the authentication key you want to view. The Authentication Key Details page opens.
- The API Key Details page consists of the Basic Information and API Key Management tabs.
Basic Information
On the Authentication Key Details > Basic Information tab, you can check the basic information of the selected authentication key.
| Classification | Detailed Description |
|---|---|
| Use of authentication key | Indicates whether to use the authentication key |
| Delete authentication key | Delete the authentication key |
| Authentication Key | Access Key and Secret Key information |
| Usage | Purpose of using the authentication key |
| Creation Time | The time when the user created the authentication key |
| Expiration Time | Expiration time of the authentication key created by the user |
| Secret Vault | Secret Vault service usage status |
User Temporary Key
On the Authentication Key Details > User Temporary Key tab, you can view the list of user temporary keys for the selected authentication key.
| Classification | Detailed Description |
|---|---|
| Delete | Delete the selected temporary key from the user temporary key list |
| More | Select the usage of the selected temporary key from the user temporary key list |
| Access Key | A unique string to call the API |
| Secret Key | Security token used with Access Key |
| Creation Time | The time when the user created the authentication key |
| Expiration Time | Expiration time of the authentication key created by the user |
| Status | Whether to use the authentication key |
Secret Vault Temporary Key
On the Authentication Key Details > Secret Vault Temporary Key tab, you can view the list of Secret Vault temporary keys for the selected authentication key.
- This tab can be checked when the Secret Vault service is in use.
- The temporary key can only be created via API. On the Secret Vault tab, only viewing and deletion are possible.
| Classification | Detailed Description |
|---|---|
| Delete | Delete the selected temporary key from the user temporary key list |
| More | Select the usage of the selected temporary key from the user temporary key list |
| Access Key | A unique string for calling the API |
| Secret Key | Security token used with Access Key |
| Creation Time | The time when the user created the authentication key |
| Expiration Time | Expiration time of the authentication key created by the user |
| Status | Whether to use the authentication key |
Modify authentication key security settings
You can register security settings for the user’s authentication key. To register security settings for the user’s authentication key, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Key Management tab. The Key Management tab opens.
- On the Authentication Key Management tab, click the Edit Security Settings button. The Authentication Key Security Settings Edit page opens.
- On the Authentication Key Security Settings Edit page, enter the authentication method and the allowed access IP.
- Authentication method: One-time key, authentication key
- API calls are accepted only when they use the authentication method set here.
- Issued key: authenticate with a key issued using the authentication key and an authentication number
- Authentication key: authenticate with the authentication key created in the Console
- Allowed IP for Access: IP that controls user access
- When set to Use, access is allowed only from the registered IP ranges.
- When set to Use with no IP registered, access from all IPs is denied.
- When set to Do not use, access is allowed from all IPs.
- Up to 50 can be registered.
- You can enter an IP address or CIDR.
- Check the security settings information for the authentication key and click the Confirm button. The Authentication Key Management tab opens.
- South Korea (kr-south) region restrictions
- When Allowed IP for Access is set to Use, only IP addresses can be entered. CIDR cannot be entered.
- It is recommended to use temporary key authentication and to set Allowed IP for Access to Use.
- With authentication key authentication, the email or text message authentication step may be omitted, which may cause a security risk.
- If Allowed IP for Access is not used, access is possible from any IP, which can cause a security risk.
- If Allowed IP for Access is used and no IP is registered, all access is restricted.
- An authentication key with a temporary key generated by Secret Vault can be stopped and deleted after canceling the Secret Vault service in each region of the Account.
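The Allowed IP for Access rules above (Use with registered ranges, Use with an empty list, Do not use, the 50-entry limit, and the kr-south IP-only restriction) can be modelled to review a planned allowlist before entering it in the Console. This is an added example, not Samsung Cloud Platform code: the function names, the `allow_cidr` flag, the strict host-bit validation and the `min_prefix` breadth threshold are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress

MAX_ENTRIES = 50  # "Up to 50 can be registered."


def parse_allowlist(entries, allow_cidr=True):
    """Validate allowlist entries and return them as network objects.

    allow_cidr=False models the kr-south restriction: single IPs only.
    """
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    networks = []
    for raw in entries:
        text = raw.strip()
        if "/" in text and not allow_cidr:
            raise ValueError(f"CIDR not accepted here: {text}")
        # strict=True rejects entries such as 10.0.0.5/24 whose host bits are
        # set, which usually signals a typo (a choice made by this example).
        networks.append(ipaddress.ip_network(text, strict=True))
    return networks


def is_allowed(source_ip, enabled, networks):
    """'Do not use' allows every IP; 'Use' allows only registered ranges,
    so 'Use' with an empty list denies everything."""
    if not enabled:
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)


def audit(enabled, networks, min_prefix=16):
    """Flag settings a reviewer would question. min_prefix is an assumed
    threshold for 'too broad', not a platform value."""
    findings = []
    if not enabled:
        findings.append("allowlist disabled: key usable from any IP")
    elif not networks:
        findings.append("allowlist enabled but empty: all access denied")
    for net in networks:
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append(f"{net} is broad ({net.num_addresses} addresses)")
    return findings


if __name__ == "__main__":
    # Constructed sample allowlist using documentation address ranges.
    nets = parse_allowlist(["203.0.113.10", "198.51.100.0/24"])
    for ip in ("198.51.100.77", "192.0.2.1"):
        print(ip, "allowed" if is_allowed(ip, True, nets) else "denied")
    print(audit(True, []))
```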
Delete authentication key
- The authentication key can be deleted only when it is in the suspended state. Stop using the authentication key before deleting it.
- While the Secret Vault service is in use, you cannot stop using the authentication key. Cancel the Secret Vault service first.
To delete the authentication key, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Key Management tab. The Key Management tab opens.
- On the Authentication Key Management tab, click the authentication key to be deleted in the list of authentication keys. The Authentication Key Details page opens.
- On the Authentication Key Details page, click the Delete Authentication Key button.
- The authentication key is deleted, and the Authentication Key Management tab opens.
To delete multiple authentication keys at the same time, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Key Management tab. The Key Management tab opens.
- In the key list on the Key Management tab, check the authentication keys to be deleted.
- Confirm the selected authentication keys and click the Delete Authentication Key button.
- The selected authentication keys are deleted and the Authentication Key Management tab is refreshed.
Managing Access IP
On the My Info. > Access IP Control tab, you can register and manage IP addresses that can access the Console.
By using the access IP control feature, you can restrict Console access to registered IP ranges only.
- The access IP control function can be used only by Root users and IAM users. It cannot be used by ID Center and roles.
- You can add and manage IPs even if you don’t use the access IP control feature.
To use the access IP control function and manage IPs, follow this procedure.
- Click All services > Management > IAM. The Service Home page of Identity and Access Management (IAM) opens.
- On the Service Home page, click the My Info. menu. The My Info. page opens.
- On the My Info. page, click the Access IP Control tab. The Access IP Control page opens.
- On the Access IP Control page, click the Edit button of Console Access IP Control. The Password Confirmation pop-up window opens.
- After entering the password, click the Confirm button. The Console Access IP Control Modification pop-up window opens.
- After setting the access IP control function to Use, register the IPs to be allowed access.
| Classification | Detailed Description |
|---|---|
| Console access IP control | Whether to use the access IP control function |
| IP list | List of IPs allowed to access |
2.7 -
3 - API Reference
4 - CLI Reference
5 - Release Note
IAM
- When creating a user or changing a password, related information can be shared by email.
- Virtual Server and Cloud Function have been added as entities that can perform the role function.
- When the role is changed, you can check the session expiration time in My Menu.
- You can register and manage IP addresses that can access the Console.
- The Root user and IAM user with the same information (phone number, email) can switch to each other even after logging in.
- Role function has been added.
- The user can switch from their account to another role to access the Account.
- Credential provider feature has been added.
- You can create a credential provider and access the Account resources in the Console through the created credential provider.
- You can directly connect users and policies.
- When creating a policy, you can add conditions for attribute-based access control (ABAC).
- The mandatory conditions for creating a user password have been changed.
- When modifying the authentication key, CIDR input is applied selectively.
- When the user’s email or phone number is changed, a password re-confirmation procedure has been added.
- IAM (Identity and Access Management) function changes
- User group, user, and policy creation functions have been added.
- The App authentication key and storage authentication key have been integrated and are provided as an authentication key.
- Samsung Cloud Platform common feature changes
- Common CX changes to Account, Service Home, tags, and so on have been reflected.
- The IAM (Identity and Access Management) service has been released.
- Provides user authentication and authorization management
- Provides access control policy management