Service Overview
IAM (Identity and Access Management) is a service that verifies the identity of users registered on the Samsung Cloud Platform and grants access rights, thereby controlling which services and resources each user can access. Administrators can create and manage users, permission groups, policies, and roles in detail through IAM.
A new user can be created by the Root user or by a user to whom the Root user has granted user registration authority. Policies cannot be granted directly to users; instead, a specific user is granted access or management rights to resources by being added to a user group that has policies linked to it. In other words, the tasks that a user can perform within an Account depend on which user groups the user belongs to and which policies are linked to those user groups.
Provided Features
IAM provides the following features.
- User Authentication: Provides multi-factor authentication (MFA) when accessing the console and API, and also blocks unauthorized access by only allowing access from permitted IP ranges.
- Access Control: Users are added to user groups based on their tasks to limit their access rights to the parts necessary for their tasks. Administrators can manage and grant custom policies.
- Role Management: From your own account, you can switch to another role to access the Account.
- Credential Provider: The Console Account can be accessed and used through a credential provider.
- Access Control Policy Management: Creates access control policies for each service, specifying control type, action, resource type, authentication method, and IP. This makes it possible to apply the principle of least privilege when granting access rights to cloud resources, with access controlled per user.
Components
Through Identity and Access Management (IAM), you can create and manage user groups, users, and policies.
User Group
In a user group, you can register users and add policies. By forming a user group for each task, registering the relevant users in it, and linking a policy suited to that task, you can grant and manage the same authority for all users in the group.
User
The administrator can create users and add them to user groups. The administrator can automatically generate or directly create a user’s password and provide account access information to the user.
User Policy
You can create policies for the provided services. Authority can be managed according to control type, applied resources, and authentication type.
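The group-based model described above (policies linked to user groups, never directly to users, and matched on control type, action, resource, authentication method and source IP), as an added Python sketch. It is not Samsung Cloud Platform code or its policy schema: the field names, glob matching, default deny and Deny-over-Allow ordering are assumptions of this example, and the users, groups and addresses are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# All names, fields and the evaluation order are assumptions of this sketch;
# they are not the Samsung Cloud Platform policy schema or API.

@dataclass(frozen=True)
class Policy:
    control: str               # "Allow" or "Deny" (assumed control types)
    actions: tuple             # glob patterns, e.g. "vm:Read*"
    resources: tuple           # glob patterns over resource names
    require_mfa: bool = False  # authentication-method condition
    source_cidrs: tuple = ()   # permitted IP ranges; empty means any

    def matches(self, action, resource, mfa, source_ip):
        if not any(fnmatchcase(action, p) for p in self.actions):
            return False
        if not any(fnmatchcase(resource, p) for p in self.resources):
            return False
        if self.require_mfa and not mfa:
            return False
        if self.source_cidrs:
            ip = ip_address(source_ip)
            return any(ip in ip_network(c) for c in self.source_cidrs)
        return True

@dataclass
class UserGroup:
    members: set = field(default_factory=set)
    policies: list = field(default_factory=list)

def is_allowed(groups, user, action, resource, mfa, source_ip):
    """Default deny; policies reach a user only through group membership."""
    effective = [p for g in groups.values() if user in g.members for p in g.policies]
    hits = [p for p in effective if p.matches(action, resource, mfa, source_ip)]
    if any(p.control == "Deny" for p in hits):  # assumed: explicit Deny wins
        return False
    return any(p.control == "Allow" for p in hits)

# Constructed sample data: two groups, overlapping membership.
GROUPS = {
    "vm-operators": UserGroup({"alice"}, [
        Policy("Allow", ("vm:*",), ("vm/prod-*",), require_mfa=True,
               source_cidrs=("203.0.113.0/24",))]),
    "auditors": UserGroup({"alice", "bob"}, [
        Policy("Allow", ("vm:Read*",), ("*",)),
        Policy("Deny", ("vm:Delete*",), ("*",))]),
}
```

A user who belongs to no group gets no policies and is therefore denied everything, which is the practical consequence of not attaching policies to users directly.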
Role
A role is a virtual user identity with its own separate permissions, and it is not affected by the permissions of the original user account.
Preceding service
Identity and Access Management (IAM) has no preceding service.