The page has been translated by Gen AI.

Configuration

The configuration feature enables PM and PL group users to manage essential project settings, account configurations and tenant administrators to set up approval lines and organizational charts.

Project

The project menu allows users to view all projects they belong to. Project details are initially registered by the PM, and can be modified by the PM or PL group users as needed.

Create Project

To create a project, click the Create Project button and enter the project information.

  1. Project Name: Give a name to the project.
  2. PM: Designate a project manager who can manage project-related information and permissions. Note that if you designate someone other than yourself, you will no longer be able to manage the project after creation.
  3. Organization: Select the organization that will carry out the project.
  4. Description: Enter a description of the project.

View Project

In the View Project screen, PM or PL group users can manage project information and add CSP accounts and users to the project.

  1. General Information: Displays the project information registered in the Create Project screen.
  2. Edit: Click the Edit button to modify the project’s general information.
  3. Delete: Click the Delete button to delete the project.
  4. Users: Displays a list of users registered to the project.
  5. Accounts: Displays a list of cloud accounts registered to the project.

Cloud Account Management

PM and PL group users can add new accounts to the project or delete accounts that are no longer in use.

Adding AWS Account

CAM supports a keyless method to enhance security when connecting cloud accounts. To register an account, you need to create a new role in the AWS IAM service with the policy required by CAM. Follow these steps to create a role in AWS:

  1. Access the AWS IAM service
  2. Go to the Roles menu and click Create Role
    • Click the Create button in the Access management > Roles section to go to the Create Role screen.
  3. Create Role > Step 1: Select a trusted entity. This step is where you enter CAM account information.
    • Select AWS account and Another AWS account in order, and enter the CAM account ID 022499039571 in the account ID field.
  4. Create Role > Step 2: Add permissions
    • Assign the CAM policy to the newly created role.
      Guide

      Search for and select the relevant policy, and proceed to the next step.

      • IAMFullAccess
      • AmazonEC2FullAccess
      • AmazonRDSFullAccess
      • AWSCloudTrail_FullAccess
      • AmazonS3FullAccess
      • AmazonEventBridgeFullAccess
  5. Create Role > Step 3: Name, review, and create Enter a role name and click the Create Role button to complete the role creation. ※ The role name created here will be used as the Role Name when registering the account in CAM.
Guide

After creating a role in IAM, go back to the Project View screen in CAM and register the account. Click the Add button above the account list and enter the account information to register the account to the project. To complete the account registration, an approval process is required. Click the Create Approval button to proceed with the approval, which will be sent to an approval system such as Knox for processing. Once the approval is complete, you can view the newly registered account in the account list.

  1. CSP: Select the CSP.
  2. Environment: Select the service environment.
  3. Account Name: Give a name to the account.
  4. Account ID: Enter the account ID registered in AWS and click the ‘Verify’ button to confirm.
  5. AWS Type: Set to ON if the account is a Chinese account.
  6. Role Name: Enter the role name created in the AWS IAM.
Note
Account registration policies may vary depending on the tenant. According to the tenant’s policy, accounts may be restricted to registration in only one project.
  1. Title: Automatically entered by the system and cannot be modified.
  2. Approver: The approval line is automatically added by the system, and approvers and agreeers can be added according to the approval guide.
  3. Content: Account information is automatically entered by the system and cannot be modified.

Adding SCP Account

PM and PL group users can add new SCP account to a CAM project through the Add Account button in the View Project page. CAM supports a keyless connection method for enhanced security, so no credentials are exchanged directly during account registration. Before you begin, make sure that the required setup is completed in the SCP Console.

Note
SCP includes both SCP for Samsung and SCP for Enterprises environments. Depending on your CSP authority or selection, the pre-requisites and steps for adding an account are identical for both.
Step 1. Pre-requisite Setup (One-time Trust Configuration for CAM Account)

Before adding your SCP account in CAM, ensure the following configuration is completed on the SCP side. This setup allows CAM to securely access the target project and verify account information.

First you will need to setup policy, if it is not already created based on the described steps in the manual below. Then authorize the CAM account via Permission Groups and then add members.

  1. Create a Policy for CAM Access

  • Go to SCP Console.

  • Login and navigate to the IAM > Policies section in SCP Console.

  • Create a Policy with the name ‘CAM_Linked_Policy’ Create a new policy that includes the necessary permissions required for CAM operation based on the following table:

    IDActionReason
    [Platform] Permission ManagementList, Read, Create, Delete, Update PermissionCreate/Delete Policy, Assign Policy to Role
    [Platform] Resource ManagementList, ReadView List and Details of SCP
    [Platform] Tag ManagementList, ReadView Tag List/Information, etc.
    [Platform] Project ManagementList, ReadAssigned Project List/Information
    Table. Policy for CAM Access list

  • Alternatively, you can also add policy requirements to JSON Mode.

  • You can connect Permission Group and role later, so Complete Policy creation without checking anything

  1. Authorize the CAM Account via Permission Groups
  • Once the policy is created, link it to the CAM system account using a permission group.
  • Step-by-step:
    • Navigate to IAM > Permission Groups
    • Create a new permission group (e.g., CAM-Access-Group)
    • Create a Permission Group with the name ‘CAM_Linked_Group’.
    • Attach the CAM policy created above to this group
    • When you add User to your project, you will connect User to Permission Group, so now you can Complete Permission Group generation without checking any User.
  1. Assign CAM Service Account to the Permission Group
  • Navigate to the Project Members section in your SCP Console.
  • Add the required account as a member of your target project.
  • This account represents CAM and will be used for integration.
  • To Add it, select the target project > Identity Access Management > Add User > Add Project Member > Add SCP User to Target Project
  • Proceed to Add Project Member
    • Search CAM users with ‘cam.app@samsung.com’ e-mail address.
    • Click the ADD button to select the cam.app user.
    • Add the User available from the list. Alternatively, you can search the user by using the search functionality.
  • Search user to add as a Project Member.
    • Select the Permission Group with the name ‘CAM_Linked_Group’ that you created above and complete the Add Project member operation.
  • Connect Permission Groups to complete Adding Project Member
  • After completing the above steps, return to the Project View screen in CAM to add your SCP account.
Step 2. Add Account in CAM console
  • In CAM, go to View Project > Manage Accounts.
  • Click the Add Account button.
  • In the pop-up that opens, fill in the following details:
    • Select CSP and Environment
      • CSP: Choose SCP for Enterprises or SCP for Samsung.
      • Environment: Select the environment this account will belong to (e.g., DEV, STG, PRD, or ETC).
    • Enter Account Information
      • Account Name:
        • Enter a name to identify this account within CAM.
        • This can be up to 50 characters long.
        • Only English letters and numbers are allowed.
      • Project ID (from SCP Console):
        • Enter the Project ID of the SCP project you prepared earlier.
        • Allowed: English letters, numbers, and hyphens only
        • Max: 30 characters
    • Click Verify after entering the Project ID. CAM checks the following:
      • The project exists in SCP.
      • The required roles (cam-Administrator, cam-Operator, cam-Developer) are present.
      • The project isn’t already registered in another CAM project or awaiting approval elsewhere.
      • If any of these conditions are not met, you’ll see a validation message.
Step 3. Create Approval

Once the Project ID is verified and other details are complete, the Create Approval button will become active.

Click it to send the account addition request for approval. Depending on your CAM setup, you can either select the approvers manually or let the system route it to the default approvers. After approval, the SCP account will appear in the Project Accounts table in CAM.

Adding Azure Account

Before adding an Azure account in CAM, complete the following setup steps in the Microsoft Entra ID and Azure Portal. These steps must be performed by a Tenant Admin.

Step 1: Pre-requisite Setup (One-time Trust and Domain Configuration for CAM Account)

This step ensures that CAM is trusted within the target Azure tenant and has the required access permissions. This step needs to be completed before adding an Azure account in CAM by the Tenant Admin.

These pre-requisites are divided into two sections:

  • Trust Configuration
  • Domain Configuration

Trust Configuration for CAM Account

This step ensures that CAM is trusted within the target Azure tenant and has the required access permissions. It must be performed by a Tenant Administrator in the target Azure tenant. The purpose is to grant the CAM application the necessary permissions to access resources within Microsoft Entra ID.

To allow CAM to integrate with Azure, the Tenant Administrator must open the CAM Admin Consent URL. This URL triggers a Microsoft Entra Admin Center consent dialog, where the admin can approve the requested permissions for the CAM application.

  • Obtain the Tenant ID

    The CAM Admin Consent URL includes an App Client ID linked to a specific tenant. Before using it, the Tenant ID of the target Azure tenant must be confirmed.

    To find your Tenant ID:

    • Sign in to the Azure Portal.
    • In the left navigation menu, go to Microsoft Entra ID.
    • In the Overview tab (first screen), locate the Tenant ID field.
    • Copy the Tenant ID for use in the Admin Consent URL.

  • Access the CAM Admin Consent URL

    • Open the CAM Admin Consent URL in a web browser. (https://login.microsoftonline.com/{Your_Tenant_ID}/adminconsent?client_id=39613ae7-2fd4-4f3c-9471-aba2391da0b5)

      Replace the placeholder {Your_Tenant_ID} in the URL with the actual Tenant ID you copied earlier.

    • When prompted, select the Global Administrator account of the target tenant.

    • This account must have the highest administrative privileges in the tenant.

    • Review the Consent Agreement displayed. This agreement outlines the exact permissions CAM will be granted.

    • If you agree, click Accept to approve the integration.

    • By completing this step, CAM gains access to the tenant-level resources in Microsoft Entra ID.

    • No Subscription Access Yet: This step does not grant CAM access to Azure subscriptions. Subscription-level access will be configured separately in later steps (Management Group Role creation and Subscription Role assignment).

  • Verify CAM application registration after granting consent

    • In Azure Portal, navigate to Microsoft Entra ID → Enterprise Applications.
    • Search for the CAM application.
    • Confirm the CAM app appears in the list and is properly registered.
Note
When you grant Admin Consent, you are giving CAM tenant-level recognition.

Domain Configuration for CAM Account In Azure, domain linkage is required so that you as a user can authenticate through email and integrate with CAM’s Keycloak authentication. The process of Domain Configuration has two main phases:

PhaseWho Performs ItFrequency
Create a DomainTenant Admin or PM/PLOnce per tenant (maybe repeated for new domains if required)
Register your domain in the Azure TenantTenant AdminOnce per tenant (unless additional domains are added later)
Table. Domain Configuration for CAM Account list

Create a Domain You can create a public domain using any DNS service that can generate TXT records (e.g., AWS Route 53, SCP DNS). For this guide, we use SCP DNS as an example.

  • Pre-Domain Creation Operations
    • Log into SCP DNS.
      • Access the SCP console and navigate to the DNS menu.
    • Initiate Public Domain Purchase.
      • Click Product Request.
      • This opens the Purchase Form.
    • Fill in the details of Domain Purchase Form.
      • Usage Type: Select Public
      • Domain Name: Enter desired public domain name.
      • Registrant Details: Enter name, email, address, phone number.
      • Description and Designation fields.
      • Billing Information will be displayed before purchase confirmation.
    • Confirm Purchase
      • Review the final billed amount.
      • Click Next to confirm.
    • Verify DNS Status
      • Once created, the domain will appear in the SCP DNS list.
      • Wait until the status shows Active; which suggests it is now publicly usable.
      • You now have an active public domain that can be linked to your Azure tenant for user authentication.

Register your Domain in the Azure tenant

Now that the public domain exists, it must be linked to Microsoft Entra ID for authentication.

  • Pre-Domain Setup Operations (Azure Tenant)

    • Sign in to the Azure Portal with a Tenant Administrator account.
    • Navigate to Microsoft Entra ID → Custom Domain Names.
    • Click +Add Custom Domain.
    • Enter your public domain name (the one you created in SCP).
    • Click Add Domain.

  • Generate a TXT Record of the Domain (Azure → SCP DNS)

    • Once you add the domain in Azure:
      • Azure will display a TXT record value that must be added to your domain’s DNS settings. This is required to verify domain ownership.
      • Copy the TX record value from Azure.

  • Add TXT Record (To SCP / Domain Host)

    • Go to SCP DNS then select the Active public domain you created.
    • Click Add Record.
    • Record Type: Select TXT.
    • Value: Paste the TXT record value copied from Azure.
    • TTL (Time to Live): Choose according to preference.
    • Click Confirm.
    • Ensure the record appears in the domain’s DNS list.

  • Validate Domain in Azure

    • Return to the Azure Portal; select Microsoft Entra ID; then select Custom Domain Names.
    • Initially, the domain status will be unverified.
    • Click the domain and click Verify button.
    • Once Azure detects the TXT record (propagation may take several minutes); Status changes to Verified.
    • Your public domain is now officially linked to the Azure tenant.
Step 2. Add Account in CAM console
  • In CAM, go to View Project > Manage Accounts.
  • Click the Add Account button.
  • In the pop-up that opens, fill in the following details:
    • Select CSP and Environment
      • CSP: Choose Azure
      • Environment: Select the environment this account will
    • Enter Account Information
      • Account Name:
        • Enter a name to identify this account within CAM.
        • This can be up to 50 characters long.
        • Only English letters and numbers are allowed.
      • Tenant ID (from Azure Portal):
        • Enter the Tenant ID.
        • Only English letters, numbers, and hyphens are allowed.
        • Maximum 36 characters can be entered.
        • Click Verify and CAM will check the following:
          • Confirm if the Tenant ID format is correct.
          • Validate it against Azure to ensure it exists.
          • Only after Tenant ID is verified will the Subscription ID field be enabled.
      • Subscription ID (from Azure Portal):
        • Enter the Subscription ID.
        • Only English letters, numbers, and hyphens are allowed.
        • Maximum 36 characters can be entered.
        • Click Verify and CAM will check the following:
          • Confirm if the Subscription ID format is correct.
          • Check if the Subscription ID is already linked to another CAM project.
          • Check if it is already registered or has a pending approval request.
          • Only after Subscription ID is verified will the Federation Domain field be enabled.
      • Federation Domain (from Azure Portal):
        • Enter the Federation Domain.
        • Only English letters, numbers, hyphens, and dots are allowed.
        • Maximum 48 characters can be entered.
        • Click Verify and CAM will check the following:
          • Confirm that the Federation Domain format is correct.
          • Ensure it matches an existing verified domain from Azure Domain Configuration.
Step 3. Create Approval

Once all the fields are verified and details are complete, the Create Approval button will become active.

Click it to send the account addition request for approval. Depending on your CAM setup, you can either select the approvers manually or let the system route it to the default approvers. After approval, the Azure account will appear in the Project Accounts table in CAM.

Delete Account

Click the Delete button in the View Account section to delete an account that is no longer in use.

User Management

PM and PL group users can add or remove users from the project. Only users registered to the project can be granted console and resource access within the project, so users who need console or resource access must be registered as project users.

Add User

Click the Add button above the user list to add a user to the project.

  1. Name: Search for the user name registered in CAM.
  2. Group: Select the user’s group.
  3. PL: Can manage project-related information and has the same permissions as the project manager.
  4. Operator, Developer: Can view project-related information and request permissions for resources. These users are categorized for project role management but have the same permissions in the CAM portal.

Delete User

Select the user to delete from the user list and click the Delete button. After deleting a user, the deleted user can no longer view project-related information.

Notice

The Notice section allows Tenant Admins to create and manage notices that are displayed in the GNB Notices panel for users within the tenant. Multiple notices can be active simultaneously. Each notice can include a title, detailed description, optional attachment(s), and a defined display period.

Create Notice

To Create a Notice, click on the Create button on List page. In the Create Notice page, enter the following details:

  1. Title: Enter a title for the notice.
  2. Description: Provide the content or message to be displayed.
  3. Attachment (Optional): Upload supporting files (up to 5 files, with a combined maximum size of 50 MB). Empty files cannot be uploaded and supported file formats include images, documents, .mp4, and .zip.
  4. Display: Toggle ON to enable the notice for display in the GNB. Once the toggle is turned ON, you can select the Display Period or the date range during which the notice should be visible to users.

Select Save to create the notice. The newly created notice will appear in the Notice list.

View Notice Details

Select any notice title from the list to open the Notice Details page. All notice information (Title, Description, Attachments, Display Period, Created By, and Created Date) is displayed in read-only mode.

From this view:

  1. Use Edit to modify the notice.
  2. Use Delete to permanently remove the notice. .

Edit Notice

  • From the Notice List, select a notice to open its Detail View.
  • Select Edit.
  • Modify the required fields (Title, Description, Attachment, Display settings, or Date Range).
  • Select Save to update the notice.
Note
Changes made to an active notice take effect immediately.

Delete Notice

  • From the Notice Detail view page, select Delete.
  • Confirm the deletion when prompted. The selected notice will be removed from the list and will no longer appear in GNB Notices.

Approval Line

Tenant administrators can predefine approval lines that users must specify when creating an approval.

Create Approval Line

To create an approval line, click the Create button and specify the approval case and organization to create.

  1. Name: Enter a name for the approval line that will not be exposed to users.
  2. Target: Select when and which organization to apply.
  3. Approver Guide: Enter the approver information that cannot be automatically designated by the system but must be included in the approval line. If entered, it will be exposed to users as follows.
  4. Approver: Search for and add the approver’s name to be automatically designated and exposed by the system.

View Approval Line

To view detailed information about an approval line, go to the Approval Line menu and click on the desired approval line. You can view information about all approval lines and modify or delete them.

Modify Approval Line

Click the Edit button in the View Approval Line screen to modify the information.

Delete Approval Line

Click the Delete button to delete an approval line that is no longer in use.

Organization

The organization menu allows tenant administrators to manually manage the tenant’s organization. Tenant administrators can create organizations, which can be used to manage projects and approval lines by organization unit.

Add Organization

To add an organization, click the Add button and enter the following details in the Add Organization popup.

  1. Parent (Upper Organization): Select the name of the upper organization. The default value is the tenant name.
  2. Name: Enter the name of the organization to create.
  3. Display: Set the toggle to ON to expose the organization in the Organization list to users.

View Organization

The View Organization page displays a list of all created organizations. Click on the organization name to view detailed organization information on the right. You can expand the entire organization list to view all organizations at once, or collapse it to view only the top-level organizations.

Modify Organization

The data entered when creating the organization is displayed, and all data can be modified. Click the Save button after modifying.

Delete Organization

Click the Delete button in the View Organization screen to delete an organization that is no longer in use.

Note
Parent organizations and organizations with registered projects cannot be deleted.

Tenant Administrator

The tenant administrator menu allows you to add, specify, or delete administrators who manage the tenant. Initially, the user who applied for the service is designated as the tenant administrator, and subsequent administrators can be directly added, deleted, and managed by tenant administrators with administrative privileges.

Tenant administrators can manage tenant-based information through dedicated menus (e.g., Approval Line, Organization, etc.) and view all content within the tenant.

Add Tenant Administrator

To add a tenant administrator, click the Add button and search for and register a user among those registered to the tenant.

Delete Tenant Administrator

Select the user to delete from the tenant administrator list and click the Delete button.

Monitoring
FAQ