检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating IAM Custom Policies for IAM Identity Center You can create custom policies to supplement the system-defined policies of IAM Identity Center. To create a custom policy, choose either visual editor or JSON.
Creating a User and Granting IAM Identity Center Permissions You can use Identity and Access Management (IAM) for fine-grained permissions control for your IAM Identity Center. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Using IAM to Grant Access to IAM Identity Center Creating a User and Granting IAM Identity Center Permissions Creating IAM Custom Policies for IAM Identity Center
Service Overview What Is IAM Identity Center? Application Scenarios Notes and Constraints Permissions Concepts 04 APIs Use diverse APIs provided by IAM Identity Center to manage instances, permission sets, account assignments, and users.
IAM Identity Center Resetting If you no longer need to use IAM Identity Center, intend to enable IAM Identity Center in a different region, or intend to create a new configuration from scratch, you can delete all data configured in IAM Identity Center.
What Is IAM Identity Center? Introduction IAM Identity Center helps you centrally manage your workforce identities and their access to multiple Huawei Cloud accounts.
Logging In as an IAM Identity Center User and Accessing Resources After associating member accounts of an organization with an IAM Identity Center user and permission sets, you can use the IAM Identity Center username and password to log in to the console through the user portal URL
For example, if you enter the IAM console URL, users will land on the IAM console after login. Description Description of a permission set.
Logging In as an IAM Identity Center User and Accessing Resources You can use an IAM Identity Center username and password to log in to the management console through the user portal URL.
Using CTS to Audit IAM Identity Center Operations Key Operations Supported by CTS Viewing CTS Traces in the Trace List
Table 1 IAM Identity Center operations that can be recorded by CTS Operation Resource Type Event Name Enabling IAM Identity Center Instance StartIdentityCenter Disabling IAM Identity Center Instance DeleteIdentityCenter Registering a region Instance RegisterRegion Updating single
Obtaining Information About Account, IAM User, Group, Project, Region, and Agency Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Parent topic: Using CTS to Audit IAM Identity Center Operations
Concepts IAM Identity Center User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
Table 1 Quotas for IAM Identity Center Item Default Quota Adjustable Number of users that can be created in IAM Identity Center 100,000 Yes Number of groups that can be created in IAM Identity Center 100,000 Yes Number of users in a group Unlimited - Number of groups to which a user
Creating a Group Administrators can create IAM Identity Center groups, associate permission sets and accounts with the groups, and add IAM Identity Center users to these groups so that these users inherit permissions from the groups.
Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.