检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
"nosql:instance:delete", "vpc:publicIps:list", "vpc:publicIps:update" ], "Effect": "Allow" } ] } Parent Topic: Using IAM
"nosql:instance:delete", "vpc:publicIps:list", "vpc:publicIps:update" ], "Effect": "Allow" } ] } Parent Topic: Using IAM
Service Notices All Notices > Upgrade Notices > Dedicated Cloud IAM Service Upgrading on Nov 13, 2020, from 01:00 to 04:00 GMT+03:00 Dedicated Cloud IAM Service Upgrading on Nov 13, 2020, from 01:00 to 04:00 GMT+03:00 Nov 09, 2020 GMT+08:00 Dear customer, To further enhance the stability
How Do I Get My Account ID and IAM User ID? (SDK for Python) Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Can I Use an AK/SK Pair of a Federated User (Virtual IAM User) for Authentication During the SMS-Agent Startup? SMS does not support authentication using AK/SK pairs of federated users (virtual users) during the SMS-Agent startup. Parent Topic: Credentials
Concepts IAM Identity Center User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
Updating Access Control Attributes for a Specified Instance Function This API is used to update IAM Identity Center identity source attributes that can be used with the IAM Identity Center instance for ABAC.
Create an IdP of the IAM user SSO type. For details, see Creating an IdP Entity on Huawei Cloud. The IdP name must be unique. You are advised to use the domain name. For details about IAM user SSO, see Application Scenarios of Virtual User SSO and IAM User SSO.
Create an IdP of the IAM user SSO type. For details, see Creating an IdP Entity on Huawei Cloud. The IdP name must be unique. You are advised to use the domain name. For details about IAM user SSO, see Application Scenarios of Virtual User SSO and IAM User SSO.
Table 1 Quotas for IAM Identity Center Item Default Quota Adjustable Number of users that can be created in IAM Identity Center 100,000 Yes Number of groups that can be created in IAM Identity Center 100,000 Yes Number of users in a group Unlimited - Number of groups to which a user
Creating a Group Administrators can create IAM Identity Center groups, associate permission sets and accounts with the groups, and add IAM Identity Center users to these groups so that these users inherit permissions from the groups.
Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.
Deleting a User You can delete an IAM Identity Center user that is no longer needed. Deleting an IAM Identity Center user deletes all information about the user and revokes its access permissions. Deleted users cannot be restored. Exercise caution when performing this operation.
Adding Users to or Removing Users from a Group After an IAM Identity Center user is added to or removed from a specific IAM Identity Center group, the user gains or loses the permissions of that group. This way, you can change the user's permissions quickly.
Rotating Certificates IAM Identity Center uses certificates to set up a SAML trust relationship between IAM Identity Center and your external identity provider.
Okta IAM Identity Center supports automatic provisioning (synchronization) of user and group information from Okta into IAM Identity Center using the SCIM v2.0 protocol.
It will only be visible in the IAM Identity Center console and when IAM Identity Center APIs are called. Figure 1 Setting the name and description Configure IAM Identity Center as an identity provider in either of the following ways.
