ID Center
1 - Overview
Service Overview
ID Center is a service that enables easy centralized management of access permissions for resources by account on the Samsung Cloud Platform. You can create permission policies for each service and assign accounts and policies linked to the Organization service to users, enabling management of tasks according to each user’s permissions.
Features
- Easy Access Permission Management: Through SAML (Security Assertion Markup Language) based credential authentication, you can receive authentication and authorization from Samsung Cloud Platform and access resources of multiple accounts within the organization.
- Efficient Account Management: By integrating with the Organization service, you can centrally manage the costs and resource usage incurred by all Accounts within the organization.
- Account Security Enhancement: You can strengthen security by using the separately provided Access Portal instead of the Samsung Cloud Platform Console, so that only authorized ID Center users have access. Through the Access Portal, you can fundamentally prevent users outside the customer organization from accessing the Account.
Configuration
Provided features
ID Center provides the following functions.
- User and User Group Management: You can create users and user groups and configure service-specific permission management policies. Users are required to have MFA (Multi-Factor Authentication) applied, strengthening the management of Account access.
- Account Allocation Management: You can assign and manage Accounts corresponding to each user’s tasks.
- Permission Set Management: You can create and manage permission sets by using the default policies or custom policies that exist in each Account, or by configuring policies directly.
- Access Portal Provision: Provides an Access Portal that can be used instead of the Samsung Cloud Platform Console, allowing only ID Center users to access it.
Component
User
Administrators can create users and add them to user groups. They can generate passwords automatically or manually, and provide users with Access Portal login information. Additionally, users can be assigned to accounts according to their respective tasks.
User Group
You can link users and Accounts through user groups. You can create user groups appropriate for each task, register users, and assign them to Accounts.
Permission Set
You can create permission sets by using the default policies and custom policies that exist in the Account, or by configuring policies directly.
Provision status by region
ID Center is available in the environments below.
| Region | Availability |
|---|---|
| Korea West (kr-west1) | Provided |
| Korea East (kr-east1) | Provided |
| South Korea South 1 (kr-south1) | Provided |
| South Korea South 2 (kr-south2) | Provided |
| South Korea 3 (kr-south3) | Not provided |
Preceding Service
This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.
| Service Category | Service | Detailed description |
|---|---|---|
| Management | Organization | A service that organizes accounts by organizational units, manages them hierarchically, and controls resource access permissions. |
2 - How-to guides
Users can create the service by entering the required ID Center information and selecting detailed options through the Samsung Cloud Platform Console.
Create ID Center
You can create and use an ID Center in the Samsung Cloud Platform Console.
To create an ID Center, follow these steps.
Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
On the Service Home page, click the ID Center Apply button. Navigate to the ID Center Create page.
After entering the basic information on the ID Center creation page, click the Create button.
| Category | Required | Detailed description |
|---|---|---|
| ID Center name | Required | Enter the ID Center name using English letters, numbers, and special characters (+=-_@,.) within 3 to 128 characters |
| Description | Optional | Enter a description of the organizational unit within 1,000 characters |
| Credential source | Required | Select the credential source type. ID Center’s own directory: use a directory within ID Center. AD (Active Directory): use an Active Directory managed directly by the user; for details on the settings when selected, see Change Credential Source Type; AD information is automatically synchronized upon creation |
Table. ID Center creation basic information
When the popup notifying the creation of the ID Center opens, click the Confirm button.
On the Service Home page, view the ID Center dashboard.
| Category | Detailed description |
|---|---|
| ID Center information | Displays the name, ID, and Access Portal URL of the ID Center. Click the ID Center Information item to go to the ID Center Settings page and view detailed ID Center information |
| User | Number of users created in ID Center. Click the user count to go to the User List page. Click the Create item to go to the User Creation page; see Create User |
| User group | Number of user groups created in ID Center. Click the group count to go to the User Group List page. Click the Create item to go to the User Group Creation page; see Create User Group |
| Permission set | Number of permission sets created in ID Center. Click the permission set count to go to the Permission Set List page. Click the Add item to go to the Create Permission Set page; see Create Permission Set |
Table. ID Center Service Home Dashboard Items
Check ID Center detailed information
You can view detailed information of the ID Center and manage permissions.
Follow these steps to view detailed information of the ID Center and manage permissions.
- Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
- On the Service Home page, click the ID Center Settings menu. You will be taken to the ID Center Settings page.
| Category | Detailed description |
|---|---|
| Delete ID Center | Button to delete the ID Center. Not displayed on a delegated Account |
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource name | Resource name |
| Resource ID | Unique resource ID in the service |
| Creator | User who created the service |
| Creation Timestamp | Service creation timestamp |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| ID Center name | ID Center name. Click the Edit button to change the usage status |
| Region | Region where the ID Center was created |
| Description | Description of the ID Center. Click the Edit button to change the usage status |
| Organization ID | Organization ID |
| Credential source | Credential source type. Click the Edit button to change the credential source type. ID Center native directory: directory within ID Center. AD (Active Directory): Active Directory managed directly by the user. AD Reset: a Reset AD Information popup opens, allowing AD information to be edited; for details on the settings, refer to Changing Credential Source Type; after the reset is complete, proceed with synchronization. Synchronization: synchronize with AD |
| Access Portal URL | URL to access the Access Portal |
| Delegated authority | Displays the Account name, Account ID, Email, and Delegation time of the account that delegated management authority in ID Center. For delegated accounts, the managing account’s information is displayed, and permission delegation or cancellation is not possible. Permission delegation: allows delegating permission to an account within ID Center; displayed when there is no delegation information; when the button is clicked, you can select an account on the Permission delegation page to set up delegation; for more details, see Permission delegation. Cancel permission delegation: cancel the permission delegation |
Table. ID Center configuration items
Managing Credential Sources
You can change the credential source type or modify and manage the settings for the AD (Active Directory) type.
Apply for AD (Active Directory) Integration
If you want to use an AD (Active Directory) that the user manages directly, you must first prepare the VPC and Load Balancer, then submit a request through SR. To apply for AD integration, follow these steps.
Secure a VPC to integrate with the user’s AD.
- If a network connection is required, connect to the network where the user’s AD resides via the Direct Connect service.
- For more details, refer to Direct Connect Create.
Configure the Load Balancer.
- Create a Load Balancer and an LB server group.
- Add the IP that will be associated with AD as a member of the LB server group’s connected resource.
- Create a Listener from the Load Balancer’s connected resources and attach the LB server group.
Information
- Through the Load Balancer service, the call information for AD synchronization from ID Center can traverse the user’s VPC and invoke the user’s AD.
- For detailed information on creating and using the Load Balancer service, see Using the Load Balancer service.
Configure a PrivateLink Service in the user’s VPC.
- Create a PrivateLink Service for the user VPC that will be called from ID Center.
- When creating a PrivateLink Service, select the Load Balancer created in step 2 as the connection resource.
When the preparation work is finished, click the All Services > Management > Support Center menu. You will be taken to the Service Home page.
On the Service Home page, click the Service Request menu. You will be taken to the Service Request List page.
On the Service Request List page, select and enter the information required for the service request.
| Category | Required | Detailed description |
|---|---|---|
| Title | Required | Enter a title for the service request using Korean, English, numbers, and special characters (+=,.@-_) within 64 characters |
| Region | Required | Select the region for the service request |
| Service | Required | Select the ID Center service in the Management service group |
| Task classification | Required | Select ID Center AD Integration Request |
| Content | Required | Enter the information for the ID Center AD integration application |
Table. ID Center AD integration application items
Check the input information and click the Request button.
- When creation is complete, check the Service Request List page.
Changing the credential source type
You can change the credential source or modify the configuration values.
To change the credential source type, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the ID Center Settings menu. Navigate to the ID Center Details page.
On the ID Center Details page, click the Edit button of the Credential Source item. The Change Credential Source popup will open.
After selecting the credential source type to use, click the Confirm button. A popup notifying the credential source change will open.
| Category | Detailed description |
|---|---|
| ID Center’s own directory | Use the directory within ID Center. No separate configuration items |
| AD (Active Directory) | Use a user-managed Active Directory. Connection URL: enter the LDAP server address (e.g., ldap:// or ldaps://). Bind DN: enter the DN (Distinguished Name) of the administrator or service account used to access the LDAP server. Bind credentials: enter the password for the account corresponding to the Bind DN. User DN: enter the directory path where user accounts are located (e.g., OU=Employees,OU=Accounts,DC=sub,DC=org). Username LDAP attribute: enter the attribute that identifies the user account (e.g., sAMAccountName, uid). RDN LDAP attribute: enter the RDN (Relative Distinguished Name, the top-level attribute in the user DN). User object classes: enter a comma-separated list of LDAP classes that define user objects (example: persion,organizationPersion,usersAMAccount) |
Table. Credential source type change items
Check the precautions for changes, select the checkbox, and then click the Confirm button. You will be taken to the Service Home page and the credential source type change will begin.
- The change time varies depending on the scale, and you can confirm it via a notification once the change is complete.
- You cannot navigate to another menu page while changes are being made.
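The AD (Active Directory) fields above can be sanity-checked before they are entered in the Change Credential Source popup. The following Python check is an added example, not part of the Samsung Cloud Platform documentation or tooling; the dictionary keys, the sample values, and the warning about the built-in Administrator account are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # LDAP short name (attribute or class)


def split_dn(dn):
    """Split a DN into (attribute, value) pairs. Backslash-escaped commas stay
    inside the value. Simplified: no multi-valued RDNs, no numeric OIDs."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not NAME_RE.match(attr.strip()) or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def preflight(cfg):
    """Return (errors, warnings) for a credential-source configuration."""
    errors, warnings = [], []

    try:
        url = urlsplit(cfg.get("connection_url", ""))
        scheme, host = url.scheme, url.hostname
    except ValueError:
        scheme, host = "", None
    if scheme not in ("ldap", "ldaps") or not host:
        errors.append("connection_url: expected ldap://host or ldaps://host")
    elif scheme == "ldap":
        warnings.append("connection_url: ldap:// is not TLS-wrapped; the bind "
                        "password is exposed unless StartTLS is negotiated")

    if not cfg.get("bind_credentials"):
        errors.append("bind_credentials: empty")

    for field in ("bind_dn", "user_dn"):
        try:
            rdns = split_dn(cfg.get(field, ""))
        except ValueError as exc:
            errors.append(f"{field}: {exc}")
            continue
        # Assumption of this example: flag the built-in admin as a bind account.
        if field == "bind_dn" and rdns[0][1].lower() == "administrator":
            warnings.append("bind_dn: built-in Administrator; a dedicated "
                            "read-only service account limits exposure")

    for field in ("username_attribute", "rdn_attribute"):
        if not NAME_RE.match(cfg.get(field, "")):
            errors.append(f"{field}: not a valid LDAP attribute name")

    classes = [c.strip() for c in cfg.get("user_object_classes", "").split(",")]
    bad = [c for c in classes if not NAME_RE.match(c)]
    if bad:
        errors.append(f"user_object_classes: invalid entries {bad!r}")
    return errors, warnings


# Constructed sample configurations (hypothetical host names and accounts).
GOOD = {
    "connection_url": "ldaps://ad.example.internal:636",
    "bind_dn": "CN=svc-idcenter,OU=Service Accounts,DC=sub,DC=org",
    "bind_credentials": "constructed-placeholder",
    "user_dn": "OU=Employees,OU=Accounts,DC=sub,DC=org",
    "username_attribute": "sAMAccountName",
    "rdn_attribute": "cn",
    "user_object_classes": "person,organizationalPerson,user",
}
RISKY = dict(
    GOOD,
    connection_url="ldap://10.0.0.5:389",
    bind_dn="CN=Administrator,CN=Users,DC=sub,DC=org",
    user_dn="Employees,DC=sub,DC=org",
    user_object_classes="person,,user",
)

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("RISKY", RISKY)):
        print(name, preflight(cfg))
```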
Synchronize AD (Active Directory) Information
You can synchronize AD information.
- AD information is automatically synchronized daily from 00:00 to 06:00 (Asia/Seoul, GMT +09:00).
- If a new AD connection is required, click the AD Reset button to change the AD information, then synchronize.
To synchronize AD information, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the ID Center Settings menu. You will be taken to the ID Center Details page.
- On the ID Center Detail page, click the Sync button next to the synchronization time of the Credential Source item. The AD Information Sync popup opens.
- After reviewing the synchronization notification, click the Confirm button. AD information synchronization will begin.
- The change time varies depending on the scale.
Manage Permissions
You can delegate the ID Center’s administrative privileges to another account, or revoke previously delegated privileges.
Delegating Permissions
You can delegate the administrative rights of the ID Center to another account.
To delegate administrative privileges to another account, follow these steps.
- Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
- From the Service Home page, click the ID Center Settings menu. Navigate to the ID Center Details page.
- On the ID Center Details page, click the Permission Delegation button. You will be taken to the Permission Delegation page.
- The Permission Delegation button is displayed only when permission is not currently delegated to any Account.
- On the Permission Delegation page, select the Account to which you want to delegate permissions, then click the Complete button.
| Category | Detailed description |
|---|---|
| Account name | Account name |
| Account ID | Account ID |
| Email | Account email |
| Date added | Time the Account was created or registered in the organization |
| Addition type | Method by which the Account was added to the Organization. Create: a new Account added on the Add Account page. Sign up: an existing Account added |
Table. ID Center Delegated Authority Account List
Cancel delegation
You can revoke the ID Center’s administrative permissions that were delegated to another account.
To revoke delegated administrative rights, follow these steps.
- Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
- On the Service Home page, click the ID Center Settings menu. Navigate to the ID Center Details page.
- On the ID Center Details page, click the Cancel Delegation button.
- When the popup notifying the revocation of delegated authority opens, click the Confirm button.
Delete ID Center
To delete the ID Center, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- Click the ID Center Settings menu on the Service Home page. Navigate to the ID Center Settings page.
- On the ID Center Settings page, click the ID Center Delete button. The ID Center Delete popup window opens.
- In the ID Center Delete popup window, enter the name of the ID Center to delete, then click the Confirm button. You will be redirected to the Service Home page.
- The deletion time for the ID Center varies depending on the size, and you can confirm completion via a notification.
- You cannot navigate to other menu pages while the ID Center is being deleted.
2.1 - Managing ID Center Users
You can view and manage users in the ID Center.
Create User
You can create a user and add it to the ID Center. To create a user, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User menu. You will be taken to the User List page.
On the User List page, click the Create User button. You will be taken to the Create User page.
On the User Creation page, after entering the basic and additional information, click the Create button.
| Category | Required | Detailed description |
|---|---|---|
| Username | Required | Enter the user’s name using English letters, numbers, and special characters (+=-_@,.) within 128 characters. The username cannot be changed after creation |
| Description | Optional | Enter a description of the user within 1,000 characters |
| Password | Required | Select the password creation method. Auto-generate: the password is generated automatically and provided in a popup when user creation is completed. Manual entry: refer to the password creation rules and enter it manually |
| User real name | Required | Enter the user’s real name |
| Affiliation information | Optional | Enter the division, department, manager, and employee number, each within 128 characters |
| Select user group | Optional | Select the user group to which the user will be added. To create a user group, refer to Create a user group |
Table. User creation information
Password creation rules
- It must contain at least one uppercase letter (English), one lowercase letter (English), one digit, and one special character (!@#$%&*^).
- The length is 9 to 20 characters.
- ID or username cannot be used as a password.
- You cannot use the same character more than three times.
- You cannot use passwords that are easy to guess.
- You cannot use a password that was recently used.
- Sequences of four or more consecutive characters or digits are not allowed.
- The password change cycle is 90 days.
When the popup notifying user addition opens, click the Create button. The ID Center user login information popup opens.
After verifying the ID Center user login information, click the Confirm button.
| Category | Detailed description |
|---|---|
| Access Portal URL | URL information for accessing the Access Portal |
| Username | Generated username |
| Password | Generated user’s password. Click the View icon to view the password |
| Excel download | Download ID Center user login information as an Excel file |
| Email sending | Send an Excel file containing ID Center user login information via email. After clicking the button, enter the address to receive the email |
Table. ID Center user login information items
Check user detailed information
You can view and manage detailed information about users, user groups, and account information. To view detailed user information, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the User menu. You will be taken to the User List page.
- On the User List page, click the user name to view detailed information. You will be taken to the User Details page.
- The User Details page displays basic information and consists of the Basic Information, User Group, and Account tabs.
Basic Information
Check the user’s basic information, and if necessary, edit the user’s description and options.
| Category | Detailed description |
|---|---|
| Delete user | User deletion button |
| Username | User’s name |
| User real name | User’s actual name |
| Description | Description of the user |
| Last login | The date and time of the user’s last login |
| Password | Date and time of the last password change |
| Password reuse restriction | Number of recent passwords that cannot be set as a password |
| Email | Email verification status |
| Mobile phone number | Mobile phone number verification status |
| Affiliation information | User’s division, department, manager, and employee number information |
User Group
The user can view the registered user groups and, if necessary, add or remove user groups.
| Category | Detailed description |
|---|---|
| Exclude | Exclude the selected user group from the user group list |
| Add user group | Add a user group to register users |
| User group name | Name of the user group |
| Description | Description of the user group |
| Modification date and time | User group modification timestamp |
Account
Verify the Account assigned to the user, and, if necessary, add a permission set or assign an Account.
- For detailed information about Permission Set, see the Permission Set.
- For detailed information about Account Allocation, please refer to Account Allocation.
| Category | Detailed description |
|---|---|
| Add permission set | Add a new permission set to the Account |
| More > Exclude all direct applications | Exclude all permission sets directly applied to the Account |
| Account allocation | Assign a new Account to the user |
| Account name | Account name |
| Permission set | Number of permission sets applied to the Account |
| Application method | Account permission set application method |
Change Password
You can change the user’s password. To change a user’s password, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the User menu. You will be taken to the User List page.
- On the User List page, click the username whose password you want to change. You will be taken to the User Details page.
- On the User Details page, click the Edit button for the Password field. The Password Reset popup will open.
- In the Password Reset popup window, set the password, then click the Confirm button. The ID Center User Login Information popup window will open.
- Auto Generation: Automatically generate a password
- Direct Input: Manually input according to the password creation rules
- It must include at least one uppercase letter (English), one lowercase letter (English), one digit, and one special character (!@#$%&*^).
- The length is 9 to 20 characters.
- ID or username cannot be used as a password.
- You cannot use the same character more than three times.
- You cannot use passwords that are easy to guess.
- You cannot use a password that was recently used.
- Sequences of four or more consecutive characters or digits are not allowed.
- The password change interval is 90 days.
- In the ID Center User Login Information popup window, check the user information, then click the Confirm button.
| Category | Detailed description |
|---|---|
| Access Portal URL | URL information for accessing the Access Portal |
| Username | Generated user name |
| Password | Generated user’s password. Click the View icon to view the password |
| Excel download | Download ID Center user login information as an Excel file |
| Email sending | Send an Excel file containing ID Center user login information via email. After clicking the button, enter the address to receive the email |
Table. ID Center user login information items
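The password creation rules listed under Create User and Change Password can be pre-checked before a password is entered manually. The following Python check is an added example, not Samsung Cloud Platform code. It assumes the same-character limit counts occurrences across the whole password (the stricter reading) and that a sequence means four ascending or descending letters or digits; the easy-to-guess and recently-used rules are not covered, because only the platform can evaluate them.

```python
import string
from collections import Counter

SPECIALS = "!@#$%&*^"        # special characters named in the password creation rules
MIN_LEN, MAX_LEN = 9, 20     # "The length is 9 to 20 characters"
MAX_SAME_CHAR = 3            # assumption: counted across the whole password
RUN_LEN = 4                  # "four or more consecutive characters or digits"


def has_sequence(password, run_len=RUN_LEN):
    """True if run_len letters or run_len digits appear in ascending or
    descending order (abcd, DCBA, 1234, 9876). Case is ignored."""
    text = password.lower()
    for i in range(len(text) - run_len + 1):
        chunk = text[i:i + run_len]
        if not chunk.isascii() or not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(password, username):
    """Return the list of violated rules; an empty list means the pre-check passed."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "digit": string.digits,
        "special": SPECIALS,
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            problems.append(name)
    # Assumption: the username comparison ignores case.
    if password.lower() == username.lower():
        problems.append("username")
    if password and max(Counter(password).values()) > MAX_SAME_CHAR:
        problems.append("repeat")
    if has_sequence(password):
        problems.append("sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ("Tr7&kLm2#Qx", "Abcd1234!", "Aaaa1111!!"):
        print(candidate, check_password(candidate, "dev.user01"))
```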
Add User Group
You can add a new user group. To add a user group, follow the steps below.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User menu. You will be taken to the User List page.
On the User List page, click the username to add to the user group. You will be taken to the User Details page.
On the User Details page, click the User Group tab. The User Group list will be displayed.
Click the Add User Group button. You will be taken to the Add User Group page.
On the Add User Group page, select the user group you want to add from the list, then click the Done button.
| Category | Required | Detailed description |
|---|---|---|
| Added user group | - | Name of the user group added for the user |
| User group | Required | Select the user group to add the user to. When selected, it is added to the Added User Group item |
Table. Add User Group Item
When the popup that notifies the addition of a user group opens, click the Confirm button.
Add Permission Set
You can add a permission set to the Account. To add a permission set to an Account, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User menu. You will be taken to the User List page.
On the User List page, click the username to which you want to add a permission set. You will be taken to the User Details page.
On the User Details page, click the Account tab. The Account list is displayed.
From the Account list, select the Account to which you want to add a permission set, then click the Add Permission Set button. You will be taken to the Add Permission Set page.
On the Add Permission Set page, select the permission set you want to add from the permission set list, then click the Done button.
| Category | Required | Detailed description |
|---|---|---|
| Selected Account | - | Name of the Account to which the permission set is added |
| Applied permission set | - | Name of the permission set applied to the selected Account |
| Permission set | Required | Select one or more permission sets to apply to the Account. When selected, it is added to the Applied Permission Set item |
Table. Add permission set item
When the popup that notifies the addition of a permission set opens, click the Confirm button.
Allocate Account
You can assign a new Account to the user. To assign a new Account, follow the steps below.
Click the All Services > Management > ID Center menu. You will be taken to the Service Home page of ID Center.
On the Service Home page, click the User menu. You will be taken to the User List page.
On the User List page, click the user name to assign an Account. You will be taken to the User Details page.
On the User Details page, click the Account tab. The Account list will be displayed.
Click the Account Allocation button. You will be taken to the Account Allocation page.
On the Account Assignment page, after selecting the Account to assign and the permission set to apply to the Account, click the Complete button.
| Category | Required | Detailed description |
|---|---|---|
| Select Account | Required | Select the Account to assign to the user. View hierarchy: display Accounts in an organizational hierarchy format. View Account list: display Accounts in a list format |
| Select permission set | Required | Select the permission set to apply to the selected Account |
Table. User Account Assignment Items
Information
If there is no IAM policy name that matches the custom policy name of the selected permission set, you cannot assign the account.
When the pop-up notifying that the Account assignment has been added to the user group opens, click the Confirm button.
Delete User
To delete a user, follow the steps below.
- Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
- On the Service Home page, click the User menu. You will be taken to the User List page.
- Please select at least one user to delete from the user list.
- After confirming the selected users, click the Delete button.
- You can also delete individually from the User Details page of the user to be deleted.
- When the popup notifying user deletion opens, click the Confirm button.
2.2 - Managing ID Center User Groups
You can view and manage user groups in ID Center.
Create User Group
You can create a user group and add it to the ID Center. To create a user group, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
Click the Create User Group button on the User Group List page. You will be taken to the Create User Group page.
On the User Group Creation page, after entering the basic and additional information, click the Create button.
| Category | Required | Detailed description |
|---|---|---|
| User group name | Required | Enter the user group name using English letters, numbers, and special characters (+=-_@,.) within 3 to 30 characters |
| Description | Optional | Enter a description of the user group within 1,000 characters |
| Add user | Optional | Select users to add to the user group. The list of users registered in the Account is displayed. To create a new user, see Create User. If the user you want to add does not exist when linking with AD, add the user in the AD provider and go to the ID Center Settings > Credential Source page to perform synchronization |
Table. User Group Creation Information
When the popup notifying the addition of a user group opens, click the Confirm button.
View detailed information of user group
You can view and manage detailed information about user groups, including their users and Account information.
To view detailed information about a user group, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
- On the User Group List page, click the user group name whose details you want to view. You will be taken to the User Group Details page.
- The User Group Detail page displays basic information and consists of Basic Information, User, and Account tabs.
Basic Information
You can view the basic information of a user group and, if necessary, edit its description and options.
| Category | Detailed description |
|---|---|
| Delete user group | Button to delete a user group |
| User group name | Name of the user group |
| User Group ID | User group ID |
| Creator | User who created the service |
| Creation date and time | Service creation date and time |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| User group name | User group name |
| Description | Description of the user group |
User
You can view the users registered in a user group and, if necessary, add or remove users.
| Category | Detailed description |
|---|---|
| Exclude | Exclude the selected user(s) from the user list |
| Add user | Add a user to register in the user group |
| Username | User’s name |
| User group | Number of user groups the user is registered in |
| Creation date and time | User creation timestamp |
Account
Check the Account assigned to the user, and if necessary, you can add a permission set or assign an Account.
- For detailed information about Permission Set, see Permission Set.
- For detailed information about Account Allocation, refer to Account Allocation.
| Category | Detailed description |
|---|---|
| Add permission set | Add a new permission set to the Account |
| More > Cancel Assignment | Cancel the assignment of the selected Account |
| Account allocation | Assign a new Account to the user group |
| Account name | Account name |
| Permission set | Number of permission sets applied to the Account |
Add User
You can add a new user to a user group. To add a user, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
On the User Group List page, click the user group name to which you want to add a user. You will be taken to the User Group Details page.
On the User Group Details page, click the User tab. The user list will be displayed.
Click the Add User button. You will be taken to the Add User page.
After selecting the user you want to add from the user list on the Add User page, click the Done button.
| Category | Required | Detailed description |
|---|---|---|
| Added user | - | Name of the user added to the user group |
| User | Required | Users not yet added to the user group. The list of users registered in the Account is displayed. When selected, the user is added to the Added User item. To create a new user, see Create User. If there is no user to add when linking with AD, add the user at the AD provider and go to the ID Center Settings > Credential Source page to synchronize |
Table. Add User Item
Verify that the added user appears in the list.
Add Permission Set
You can add a permission set to the Account. To add a permission set to an Account, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
Click the user group name to which you want to add a permission set on the User Group List page. You will be taken to the User Group Details page.
On the User Group Details page, click the Account tab. The Account list will be displayed.
From the Account list, select the Account to which you want to add a permission set, then click the Add Permission Set button. You will be taken to the Add Permission Set page.
On the Add Permission Set page, select the permission set you want to add from the list, then click the Done button.
| Category | Required status | Detailed description |
|---|---|---|
| Selected Account | - | Account name to add permission set |
| Applied permission set | - | Name of the permission set applied to the selected account |
| Permission set | Required | Select one or more permission sets to apply to the Account<br>- When selected, add to the Applied Permission Set item |
Table. Add permission set item
Verify that the added permission set has been applied to the Account.
Allocate Account
You can assign a new Account to a user group. To assign a new Account, follow the steps below.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
On the User Group List page, click the name of the user group to assign an Account to. You will be taken to the User Group Details page.
On the User Group Details page, click the Account tab. The Account list will be displayed.
Click the Account Allocation button. You will be taken to the Account Allocation page.
On the Account Assignment page, after selecting the Account to assign and the permission set to apply to the Account, click the Complete button.
| Category | Required or not | Detailed description |
|---|---|---|
| Select Account | Required | Select Account to assign to user group<br>- View hierarchy: Display Accounts in an organizational hierarchy<br>- View account list: Display Accounts in a list format |
| Select permission set | Required | Select the permission set to apply to the selected Account |
Table. Account Assignment Items
Information: If there is no IAM policy name that matches the custom policy name of the selected permission set, you cannot assign the Account.
Verify that the added Account has been assigned to the user.
Delete user group
To delete a user group, follow the steps below.
- Click the All Services > Management > ID Center menu to go to the ID Center’s Service Home page.
- On the Service Home page, click the User Group menu. You will be taken to the User Group List page.
- Select at least one user group to delete from the user group list.
- After confirming the selected user group, click the Delete User Group button.
- You can also delete individually from the User Group Details page of the user group to be deleted.
- When the popup notifying that a user group has been deleted opens, click the Confirm button.
2.3 - Assigning ID Center Account
You can view the Account in ID Center and assign it to a user or user group.
Allocate Account
You can assign an Account to a user or a user group.
To assign an Account, follow these steps.
Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
On the Service Home page, click the Account Assignment menu. You will be taken to the Account List page.
On the Account List page, select the Account to assign, then click the Assign to User or Group button. You will be taken to the Assign to User or Group page.
In the Select Assignment Target area of the Assign to User or Group page, select the assignment target, then click the Next button.
- You must select at least one user or user group to assign the account.
| Category | Requirement status | Detailed description |
|---|---|---|
| Account to assign | - | Name of the Account to assign to a user or user group |
| User | Optional | Select the user to assign the account |
| User group | Optional | Select the user group to assign the Account |
Table. Account assignment target selection
In the Permission Set Selection area, select the permission set to apply to the Account, then click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Account to assign | - | Name of the Account to assign to a user or user group |
| Permission set | Required | Select one or more permission sets to apply to the Account. |
Table. Account permission set selection items
In the Input Information Confirmation area, after verifying the assignment target and permission set, click the Complete button.
When the pop-up notifying the Account allocation opens, click the Confirm button.
Check account detailed information
You can view and manage detailed information about the account, its assignment targets, and permission sets.
To view the detailed information of the Account, follow these steps.
- Click the All Services > Management > ID Center menu. Navigate to the Service Home page of ID Center.
- On the Service Home page, click the Account Assignment menu. You will be taken to the Account Information page.
- On the Account Information page, click the Account for which you want to view detailed information. You will be taken to the Account Details page.
- The Account Details page displays basic information and consists of the Basic Information, Assignment Target, and Permission Set tabs.
Basic Information
You can view the basic information of the Account.
| Category | Detailed description |
|---|---|
| Account name | Account name |
| Account ID | Account ID |
| Creator | User who created the Account |
| Creation date | Account creation date and time |
| Editor | User who modified the Account |
| Modification date and time | Date and time the account was modified |
Allocation target
You can view and manage the users and user groups assigned to an Account.
| Category | Detailed description |
|---|---|
| Unassign | Cancel the Account assignment for the selected user or user group |
| More > Add Permission Set | Add a permission set to the selected Account |
| Assign to user or group | Assign the selected Account to a new user or user group |
| Allocation target name | Name of the allocation target |
| Target type | Type of assignment target (user, user group) |
| Permission set | Number of permission sets applied to the Account |
Permission Set
You can check the permission sets applied to the Account and, if necessary, exclude them.
| Category | Detailed description |
|---|---|
| Exclude permission set | Exclude the selected permission set from the Account |
| Permission set name | Name of the permission set |
| Explanation | Description of the permission set |
| Modification date and time | Date and time the permission set was last modified |
Add Permission Set
You can add a permission set to an account assigned to a user or user group.
To add a permission set to an Account, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Account Assignment menu. You will be taken to the Account List page.
On the Account list page, click the Account to assign. You will be taken to the Account details page.
On the Account Details page, click the Allocation Target tab. The allocation target list will be displayed.
After selecting the assignment target to which you want to add a permission set from the assignment target list, click the More > Add Permission Set button. You will be taken to the Add Permission Set page.
On the Add Permission Set page, select the permission set you want to add from the permission set list, then click the Done button.
| Category | Required status | Detailed description |
|---|---|---|
| Allocation target | - | Name of the assignment target to add the permission set |
| Applied permission set | - | Name of the permission set applied to the selected account |
| Permission set | Required | Select one or more permission sets to apply to the Account<br>- When selected, add to the Applied Permission Set item |
Table. Add Permission Set Item
When the popup notifying that a permission set has been added opens, click the Confirm button.
Verify that the added permission set has been applied to the Account.
Add assignment to user or group
You can assign an additional Account to new users or user groups.
To assign an Account to a new user or user group, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Account Assignment menu. You will be taken to the Account List page.
On the Account List page, click the Account to assign. You will be taken to the Account Details page.
On the Account Details page, click the Allocation Target tab.
In the Assignment Target tab, click the Assign to User or Group button. You will be taken to the Assign to User or Group page.
After selecting the allocation target in the Select Allocation Target area, click the Next button.
- You must select at least one user or user group to assign the Account to.
| Category | Whether required | Detailed description |
|---|---|---|
| Assigned user | - | Current user name assigned to the Account |
| User | Optional | Select the user to assign to the Account<br>- When selected, add to the Assigned User field<br>- To create a new user, refer to Create User<br>- If the user you want to add does not exist when linking with AD, add the user in the AD provider and go to the ID Center Settings > Credential Source page to perform synchronization |
| Assigned user group | - | Current user group name assigned to the Account |
| User group | Optional | Select the user group to assign the Account<br>- When selected, add to the Assigned User Group item |
Table. Account assignment target selection
In the Permission Set Selection area, select the permission set to apply to the Account, then click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Permission set | Required | Select one or more permission sets to apply to the Account |
Table. Account permission set selection items
In the Input Information Confirmation area, after checking the assignment target and permission set, click the Complete button.
When the pop-up notifying the Account allocation opens, click the Confirm button.
Cancel Account Assignment
To cancel an Account assignment for a user or user group, follow these steps.
- Click the All Services > Management > ID Center menu. You will be taken to the Service Home page of ID Center.
- On the Service Home page, click the Account Assignment menu. You will be taken to the Account List page.
- On the Account List page, click the Account to assign. You will be taken to the Account Details page.
- On the Account Details page, click the Allocation Target tab. The allocation target list is displayed.
- After selecting the assignment target to cancel the Account assignment from the assignment target list, click the Cancel Assignment button.
- When the popup notifying that the Account allocation has been canceled opens, click the Confirm button.
2.4 - Managing ID Center Permission Sets
You can view and manage the permission sets of the ID Center.
Create Permission Set
You can create a permission set and add it to ID Center. To create a permission set, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the Create Permission Set button. You will be taken to the Create Permission Set page.
On the Create Permission Set page, after entering the basic information in the Basic Information Input area, click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Permission set name | Required | Enter the permission set name<br>- Using English letters, numbers, and special characters (+=-_@,.) within 32 characters |
| Description | Optional | Enter a description of the permission set within 1,000 characters |
| Maximum session duration | Required | Enter the session time allowed for the user when accessing the Console via the Access Portal<br>- Select time: 1 hour, 2 hours, 4 hours, 8 hours, 12 hours<br>- Enter duration: can be entered in seconds ranging from 3,200 seconds (1 hour) to 43,200 seconds (12 hours) |
Table. Permission set basic information items
In the Permission Set Settings area, select the policy to use and configure the policy, then click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Default policy | Optional | Connect the default policies offered by the Samsung Cloud Platform Console<br>- After selecting the Use item, select the default policy to associate with the permission set from the list |
| Custom policy | Optional | Connect a custom policy created under the Account<br>- Select the Use item, then directly enter the custom policy to attach to the permission set<br>- The permission set cannot be applied to Accounts that lack an IAM policy name matching the entered custom policy name |
| Inline policy | Optional | Directly set the policies to apply to the permission set<br>- After selecting the Use item, configure according to the policy setting mode<br>- Default mode: Configure using the mode provided by the Console. Refer to Create Inline Policy<br>- JSON mode: Directly configure using the JSON Editor |
Table. Permission set configuration items
Guide: A permission set can be linked with up to 20 policies in total, combining default and custom policies.
In the Input Information Confirmation area, after reviewing the basic information and permission policies of the permission set, click the Create button.
When the popup notifying the creation of a permission set opens, click the Confirm button.
View permission set details
You can view and manage detailed information about permission sets, user groups, and account information. To view the detailed information of a permission set, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
- On the Permission Set List page, click the permission set whose details you want to view. You will be taken to the Permission Set Details page.
- The Permission Set Details page displays basic information and consists of the Basic Information, Permission, and Account tabs.
Basic Information
You can view and edit the basic information of the permission set.
| Category | Detailed description |
|---|---|
| Delete permission set | Delete permission set button |
| Service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource name | Resource name |
| Resource ID | Unique Resource ID |
| Creator | User who created the service |
| Creation date | Service creation timestamp |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| Permission set name | Policy name |
| Maximum session duration | Session time allowed for users when entering the Console via Access Portal |
| Description | Description of the policy name |
Permission
You can view and manage policies attached to a permission set.
| Category | Detailed description |
|---|---|
| Default policy | Default policies attached to the permission set |
| Custom policy | Custom policies attached to the permission set |
| Inline policy | Service name of the inline policy attached to the permission set |
Account
You can view and edit the Account information of a permission set.
| Category | Detailed description |
|---|---|
| Account name | Account name |
| Account ID | Account ID |
| Account email |
Connect the default policy
You can attach a new default policy to a permission set. To link the default policy, follow the steps below.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the permission set to which you want to attach the default policy. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Default Policy area, click the Policy Connection button. Navigate to the Default Policy Connection page.
On the Default Policy Connection page, select the policy you want to link from the default policy list, then click the Complete button.
| Category | Required | Detailed description |
|---|---|---|
| Linked default policy | - | Default policy name attached to the permission set |
| Default policy connection | Required | Select the default policy to attach to the permission set<br>- When selected, add to the Connected Default Policy item |
Table. Attach default policy to permission set item
When the popup notifying the policy connection opens, click the Confirm button.
Connecting a custom policy
You can attach a new custom policy to a permission set. To link a custom policy, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set page.
On the Permission Set List page, click the permission set to attach a custom policy to. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Custom Policy area, click the Policy Connect button. You will be taken to the Custom Policy Connect page.
On the Custom Policy Connection page, select the policy you want to connect from the custom policy list, then click the Done button.
| Category | Whether required | Detailed description |
|---|---|---|
| Attached custom policy | - | Default policy name attached to the permission set |
| Custom policy association | Required | Directly enter a custom policy to attach to the permission set<br>- When selected, add to the Attached Custom Policy item<br>- Click the Add button to further enter custom policies to attach |
Table. Attach a custom policy to a permission set item
When the popup notifying the policy connection opens, click the Confirm button.
Create Inline Policy
You can modify the inline policy attached to the permission set. To modify the inline policy, follow these steps.
Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
On the Permission Set List page, click the permission set whose inline policy you want to edit. You will be taken to the Permission Set Details page.
On the Permission Set Details page, click the Permission tab.
In the Inline Policy area, click the Create Policy button. You will be taken to the Create Inline Policy page.
In the Permission Settings area of the Create Inline Policy page, select the policy configuration method and the service to apply, then click the Next button.
| Category | Required status | Detailed description |
|---|---|---|
| Basic mode/JSON mode | Required | Select the policy configuration method<br>- Default mode: Configure using the mode provided by the Console<br>- JSON mode: Configure directly using the JSON Editor |
| Service | Required | Select the service to set the policy<br>- Add Service: Add a service to configure the policy |
Table. Inline policy creation - Service configuration
Caution: The policy settings provide Basic Mode and JSON Mode.
- After writing in Basic Mode and entering JSON Mode or navigating the screen, services with duplicate control requirements are consolidated into one, and services that have not completed configuration are deleted.
- If the content written in JSON mode does not conform to JSON format, you cannot switch to basic mode.
After setting the permissions, click the Next button.
- To register an individual resource as an applied resource, refer to Register an individual resource as an applied resource and proceed.
| Category | Whether required | Detailed description |
|---|---|---|
| Control type | Required | Select policy control type<br>- Allow policy: A policy that permits the defined permissions<br>- Deny policy: A policy that denies the defined permissions |
| Action | Required | Select actions provided for each service<br>- Actions that can select individual resources are shown in purple<br>- Actions that target all resources are shown in black<br>- Add Action Directly: You can specify multiple actions at once using the wildcard * |
| Applied resource | Required | Resources to which the action applies<br>- All resources: Apply to all resources for the selected action<br>- Individual resources: Apply only to the specified resources for the selected action<br>- Individual resources are only available when selecting the purple action that allows individual resource selection<br>- Click the Add resource button to specify target resources by resource type<br>- For more details on Add resource, see Register individual resources as applicable resources |
| Authentication Type | Required | Authentication method of the user target to which the policy will be applied<br>- All authentication: Applied regardless of authentication method<br>- Authentication key authentication: Applied to users authenticated with an authentication key<br>- Temporary key authentication, Console login: Applied to users with temporary key authentication or Console login |
| Applied IP | Required | IP allowed for policy application<br>- Custom IP: User registers and manages the IP directly<br>- Applied IP: IP that the user registers directly, to which control policies are applied; can be registered as an IP address or range<br>- Excluded IP: IP to be excluded from Applied IP, can be registered as an IP address or range<br>- All IPs: No IP access restriction<br>- Access is allowed for all IPs, but if exceptions are needed, register Excluded IP to restrict access for the specified IPs |
| Additional condition | Optional | Add conditions for attribute-based access control (ABAC)<br>- Condition Key: Select from Global condition keys and service condition key list<br>- Qualifier: Default value, arbitrary value in the request, all values in the request<br>- Operator: Bool, Null<br>- Value: True, False |
Table. Policy Creation - Permission Settings
After reviewing the information entered on the Check Input Information page, click the Complete button.
When the popup notifying a policy change opens, click the Confirm button.
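The Applied IP and Excluded IP settings described in the permission settings can be checked offline before a policy is saved. The following is an added example, not Samsung Cloud Platform code: the function names and the "custom"/"all" mode labels are hypothetical, and ranges are assumed to be written in CIDR notation because the page only says "IP address or range".

```python
import ipaddress


def parse_entries(entries):
    """Parse registered entries: a single address or a CIDR range.

    Assumption: ranges use CIDR notation. strict=True rejects entries such
    as 10.0.0.5/24 whose host bits are set, which is usually a typo.
    """
    return [ipaddress.ip_network(entry.strip(), strict=True) for entry in entries]


def policy_applies(source_ip, mode, applied=(), excluded=()):
    """Return True when the policy's IP condition matches source_ip.

    mode "custom": the source must be in Applied IP and not in Excluded IP.
    mode "all":    every source matches unless it is in Excluded IP.
    """
    if mode not in ("custom", "all"):
        raise ValueError(f"unknown mode: {mode!r}")
    addr = ipaddress.ip_address(source_ip)
    # Excluded IP always wins over Applied IP.
    if any(addr in net for net in parse_entries(excluded)):
        return False
    if mode == "all":
        return True
    return any(addr in net for net in parse_entries(applied))


def lint_ip_condition(applied, excluded):
    """Flag entries that can never take effect in "custom" mode."""
    applied_nets = parse_entries(applied)
    excluded_nets = parse_entries(excluded)
    findings = []
    for ex in excluded_nets:
        # An exclusion that overlaps no applied range removes nothing.
        if not any(ex.version == ap.version and ex.overlaps(ap) for ap in applied_nets):
            findings.append(("excluded-outside-applied", str(ex)))
    for ap in applied_nets:
        # An applied range fully covered by an exclusion never matches.
        if any(ex.version == ap.version and ap.subnet_of(ex) for ex in excluded_nets):
            findings.append(("applied-fully-excluded", str(ap)))
    return findings


if __name__ == "__main__":
    # Constructed sample values taken from the documentation address blocks.
    applied = ["203.0.113.0/24", "198.51.100.10"]
    excluded = ["203.0.113.128/25", "192.0.2.1"]
    for ip in ("203.0.113.5", "203.0.113.200", "198.51.100.10", "192.0.2.50"):
        print(ip, policy_applies(ip, "custom", applied, excluded))
    print(lint_ip_condition(applied, excluded))
```

For a Deny policy, every address in Excluded IP is one the deny does not reach, so review that list as an exemption list.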
Register individual resources as applied resources
Permission Settings allows you to register individual resources as applied resources. To register individual resources as applied resources, follow these steps.
- In the action selection, select an action that can select individual resources.
- Actions that allow individual resource selection are displayed in purple.
- In Applied Resource, click Individual Resource.
- Click the Add Resource button. The Add Resource popup opens.
| Category | Whether required | Detailed description |
|---|---|---|
| Resource type | Required | Select the type of resource to add |
| SRN | - | Unique resource ID in Samsung Cloud Platform<br>- Automatically updated according to the input fields below |
| Account | Required | Account ID Settings<br>- Current Account: Current Account ID is auto-filled and cannot be edited<br>- All Accounts: Add to all Accounts (not recommended)<br>- Manual Input: Manually enter the Account ID using lowercase English letters and numbers, up to 100 characters (wildcard input not allowed) |
| Region | Optional | Enter the resource’s region information directly within 100 characters<br>- Select All: When checked, add resources from all regions |
| Resource ID | Required | Enter the resource ID to add directly, up to 100 characters<br>- Select All: When checked, adds all resources of that resource type |
Table. Policy creation - Register individual resources as applicable resources
Delete Permission Set
To delete a permission set, follow these steps.
- Click the All Services > Management > ID Center menu. Go to the Service Home page of ID Center.
- On the Service Home page, click the Permission Set menu. You will be taken to the Permission Set List page.
- Select at least one permission set to delete from the permission set list.
- After verifying the selected permission set, click the Delete button.
- You can also delete individually from the Permission Set Details page of the permission set to be deleted.
- When the popup notifying the deletion of the permission set opens, click the Confirm button.
2.5 - Using ID Center Access Portal
You can access and use the Account resource through the Access Portal.
- To use the Access Portal, you must be registered as a user in the ID Center of the Samsung Cloud Platform Console.
- For detailed information on user registration, refer to Create User.
Access Portal First Login
To log in to the Access Portal for the first time, follow these steps.
- Use the Access Portal URL to go to the login page.
- The Access Portal connection URL is activated when applying for ID Center and can be found on the ID Center Settings page.
- A firewall request may be required depending on the user environment.
- Enter the username and password on the login page.
Select the method to send the verification code, and click the Send Verification Code button.
Enter the received verification code and click the Next button. An Identity verification for multi-factor authentication (MFA) popup will open.
In the Identity verification for multi-factor authentication (MFA) popup window, after completing personal information entry and terms verification for MFA, click the Confirm button. The Password change popup window opens.
| Item | Required status | Description |
|---|---|---|
| Prevent automatic input | Required | Enter the characters displayed in the image into the input field, then click the Confirm button. |
| Mobile phone number | Required | Enter mobile phone number<br>- Enter the mobile phone number and click the Verify button to issue a verification code<br>- Enter the verification code received on the mobile phone and click the Confirm button<br>- If the verification code is valid, identity verification is completed |
| Email | Required | Enter an email (up to 60 characters) to use for identity verification<br>- For accounts whose credential source is linked as AD type, the email information registered on the AD side is provided as read-only |
| Region | Required | Region selection for personal data collection |
| Collection and Use of Personal Information | Required | After reviewing the terms for the collection and use of personal data, check I agree |
Table. Identity verification items for multi-factor authentication (MFA)
In the Password Change popup window, after entering the password change information, click the Confirm button. The Access Portal Terms of Use popup window will open.
| Item | Required status | Description |
|---|---|---|
| Existing password | Required | Enter the password received from the ID Center administrator |
| New password | Required | Refer to the password creation rules and enter it manually. |
| Confirm Password | Required | Re-enter the password |
Table. Password change items
Password creation rules
- It must include at least one uppercase letter (English), one lowercase letter (English), one digit, and one special character (!@#$%&*^).
- The length must be 9 to 20 characters.
- ID or username cannot be used as a password.
- You cannot use the same character more than three times.
- You cannot use passwords that are easy to guess.
- You cannot use a recently used password.
- Consecutive characters or numbers of four or more are not allowed.
- The password change cycle is 90 days.
After reviewing the Access Portal terms of use, click the Confirm button. You will be redirected to the Access Portal page.
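The password creation rules used in the password change step can be expressed as a validator, for example to pre-check initial passwords an administrator hands out. This is an added example, not Samsung Cloud Platform code: the function names are hypothetical, the repeat rule is read as four or more identical characters in a row, the sequence rule is assumed to cover ascending and descending runs, and the "easy to guess" and "recently used" rules are left out because they depend on data only the service holds.

```python
import string

SPECIALS = "!@#$%&*^"   # special characters listed in the rules
MIN_LEN, MAX_LEN = 9, 20
MAX_REPEAT = 3          # assumption: the rule targets 4+ identical characters in a row
MAX_SEQUENCE = 3        # runs of four or more consecutive letters or digits are rejected


def longest_repeat(pw):
    """Length of the longest run of one identical character (case-sensitive)."""
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def longest_sequence(pw):
    """Length of the longest ascending or descending run, e.g. 'abcd' or '4321'.

    Assumption: letters are compared case-insensitively and a run never
    crosses from letters into digits.
    """
    low = pw.lower()
    best = run = 1 if low else 0
    direction = 0
    for prev, cur in zip(low, low[1:]):
        same_class = (
            (prev in string.digits and cur in string.digits)
            or (prev in string.ascii_lowercase and cur in string.ascii_lowercase)
        )
        step = ord(cur) - ord(prev)
        if same_class and step in (1, -1):
            run = run + 1 if step == direction else 2
            direction = step
        else:
            run, direction = 1, 0
        best = max(best, run)
    return best


def check_password(password, username):
    """Return the list of violated rules; an empty list means the password passes."""
    violations = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        violations.append("length")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "digit": string.digits,
        "special": SPECIALS,
    }
    for name, alphabet in classes.items():
        if not any(c in alphabet for c in password):
            violations.append(name)
    if password.lower() == username.lower():
        violations.append("username")
    if longest_repeat(password) > MAX_REPEAT:
        violations.append("repeat")
    if longest_sequence(password) > MAX_SEQUENCE:
        violations.append("sequence")
    return violations


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("Tr7!kwQz9m", "Abcd1234!", "Zqqqq7!Xm", "short1!A"):
        print(candidate, check_password(candidate, "jdoe"))
```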
Access Portal Log in
- If you are accessing the Access Portal for the first time, refer to Access Portal First-time Access, apply for the Access Portal URL first, and then log in.
To log in to the Access Portal, follow these steps.
- Enter the Access Portal connection URL received through service request in the browser’s address bar. You will be taken to the Access Portal login page.
- On the login page, enter username and password.
- Choose the method to send the verification code, and click the Next button. You will be taken to the verification code confirmation page.
- If you did not receive the verification code or it has expired, click the Resend verification code button to request the code again.
- Enter the received verification code and click the Login button. You will be taken to the Access Portal page.
- If you have lost your ID or password, click the Find Password button, then you can change it using the email or phone number registered in the Access Portal.
- Accounts whose credential source is linked as AD type have Password Recovery disabled. Contact the ID Center administrator.
- Please enter the password and verification code correctly. If you enter the password or verification code incorrectly five or more times, your account will be locked for security.
- If the account is locked, provide the locked account information to the user.
Using Access Portal
When you log in to Access Portal, you will be taken to the Access Portal page. The Access Portal page consists of the Account tab and the My Info tab.
Account
Check the Account and permission set assigned to the user, and access the Samsung Cloud Platform Console using the Account’s permission set.
By using temporary key issuance, you can obtain a temporary key to access the Account.
| Category | Detailed description |
|---|---|
| Account List | Account name and ID assigned to the user, and root user email information |
| Permission Set List | Permission set applied to the Account |
My Info.
Verify the user’s basic information, and modify the user’s description and options as needed.
| Category | Detailed description |
|---|---|
| Username | User’s name |
| Email | Email to be used for identity verification |
| Mobile phone number | Mobile phone number to use for identity verification |
| Last login | The date and time the user last logged in |
| Password | Date and time of the last password change |
| Password reuse restriction | Number of recent passwords that cannot be set as the password |
| Time zone | User time zone |
| Terms and Conditions | Agreement to terms |
- If you enter the password incorrectly five or more times, you will be automatically logged out.
- It must contain at least one each of uppercase letters (English), lowercase letters (English), digits, and special characters (!@#$%&*^).
- The length is 9 to 20 characters.
- ID or username cannot be used as a password.
- You cannot use the same character more than three times.
- You cannot use passwords that are easy to guess.
- You cannot use a password that was recently used.
- Sequences of four or more consecutive characters or digits are not allowed.
- The password change cycle is 90 days.
Account
You can check the Account and permission set assigned to the user, and use the Account’s permission set to log in to the Samsung Cloud Platform Console or obtain a temporary token for access.
| Category | Detailed description |
|---|---|
| Account list | Account name and ID assigned to the user, and root user email information |
| Permission Set List | Permission set applied to the Account |
Issue temporary key
You can obtain a temporary key to access the Samsung Cloud Platform Console from the Access Portal. To obtain a temporary key, follow these steps.
- Enter the Access Portal connection URL received through service request into the browser’s address bar. You will be taken to the Access Portal login page.
- Log in to Access Portal. Go to the Access Portal page.
- On the Access Portal page, click the Account tab. You will be taken to the Account tab.
- From the permission set list, click the Temporary Key Issuance button for the permission set you want to receive a temporary key for. A popup notifying the temporary key issuance will open.
- After checking the account name, click the Confirm button. The ID Center temporary key issuance popup opens.
- After checking the token issuance information, click the Confirm button.
- Please note that the information in the ID Center Credential Issuance popup cannot be reviewed again.
- If you lose the token issuance information, you must reissue the token.
3 - Release Note
ID Center
- When applying for the ID Center, we also provide the Access Portal URL.
- The process of requesting the Access Portal URL through a service request has been changed to provide the Access Portal URL together when applying for the ID Center.
- After completing the ID Center application, you can view the Access Portal connection URL on the ID Center settings screen.
- You can select AD (Active Directory) as the credential source.
- Using AD (Active Directory), users can manage credential sources directly.
- We have officially launched the ID Center service.
- You can create permission policies for each service and assign accounts and policies linked to the Organization service to users, enabling management of tasks according to each user’s permissions.
- You can strengthen security so that only authorized ID Center users can access through the Access Portal.
