Overview
Service Overview
IAM (Identity and Access Management) is a service that controls the range of access to services and resources by verifying the identity of users registered on the Samsung Cloud Platform and granting access permissions. Administrators can create and manage users, permission groups, policies, and role items in detail through IAM.
Users can create new users if they are the Root user or have been granted user registration authority by the Root user. Policies cannot be assigned directly to users; instead, users are added to user groups, and policies are attached to those groups, granting specific users permission to access or manage resources. In other words, the tasks a user can perform within an account depend on which user group they belong to and which policies are attached to that group.
Provided features
IAM provides the following features.
- User Authentication: Provides multi-factor authentication (MFA) for Console and API access. Additionally, it blocks unauthorized access by allowing access only from permitted IP ranges.
- Permission Management: Add users to user groups based on tasks, limiting their access permissions to the parts required for the work. Administrators can manage and assign custom policies.
- Role Management: You can switch from your own account to another role to access the Account.
- Credential Provider Offering: You can access and use the Account within the Console via the credential provider.
- Access Control Policy Management: Create access control policies for each service regarding control/action/resource type and authentication method/IP. This enables the application of least‑privilege policies when granting access to cloud resources, allowing user‑based access control.
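The group-based model described in the Service Overview (no policies directly on users) combined with the per-policy action, resource, authentication and IP conditions listed above can be sketched as follows. This is an added example, not Samsung Cloud Platform code; the field names, action strings, default-deny behaviour and sample data are assumptions made for illustration and are not the platform's policy schema.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # hypothetical, simplified policy record
    name: str
    actions: tuple                 # glob patterns over action names
    resources: tuple               # glob patterns over resource identifiers
    require_mfa: bool = False      # authentication-method condition
    allowed_cidrs: tuple = ()      # empty tuple means no IP restriction

# Constructed sample data: policies attach to groups, never to users.
GROUP_POLICIES = {
    "storage-readers": (Policy("read-objects", ("storage:Get*", "storage:List*"),
                               ("bucket/reports/*",)),),
    "storage-admins": (Policy("manage-buckets", ("storage:*",), ("bucket/*",),
                              require_mfa=True, allowed_cidrs=("203.0.113.0/24",)),),
}
USER_GROUPS = {
    "alice": ("storage-readers",),
    "bob": ("storage-readers", "storage-admins"),
    "carol": (),                   # in no group, so no permissions at all
}

def matching_policies(user, action, resource, mfa, source_ip):
    """Return (group, policy) pairs that grant this request to the user."""
    ip = ipaddress.ip_address(source_ip)
    hits = []
    for group in USER_GROUPS.get(user, ()):
        for p in GROUP_POLICIES.get(group, ()):
            if not any(fnmatch.fnmatchcase(action, a) for a in p.actions):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in p.resources):
                continue
            if p.require_mfa and not mfa:
                continue           # policy only applies to MFA sessions
            if p.allowed_cidrs and not any(
                    ip in ipaddress.ip_network(c) for c in p.allowed_cidrs):
                continue           # request comes from outside the permitted range
            hits.append((group, p.name))
    return hits

def is_allowed(user, action, resource, mfa, source_ip):
    # Assumed default deny: access requires at least one matching group policy.
    return bool(matching_policies(user, action, resource, mfa, source_ip))
```

Returning the matching (group, policy) pairs rather than a bare boolean shows which group membership is responsible for a grant, which is what an access review needs when trimming permissions.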
Components
Users can create and manage user groups, users, and policies through Identity and Access Management (IAM).
User group
In the user group, you can register users and add policies. You can create user groups tailored to each task, register users, and attach appropriate policies to grant the same permissions to users and manage them.
User
Administrators can create users and add them to user groups. They can generate a user’s password automatically or manually, and provide the user with account-specific login information.
User Policy
You can create policies for the functions provided by each service. Access control can be managed based on control type, applied resources, and authentication type.
Role
A role is a virtual user account with separate permissions that is not affected by the permissions of the original user account.
Preceding Service
Identity and Access Management (IAM) has no prerequisite service.