检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Service Overview What Is IAM Identity Center? Application Scenarios Notes and Constraints Permissions Concepts 04 APIs Use diverse APIs provided by IAM Identity Center to manage instances, permission sets, account assignments, and users.
Obtaining Information About Account, IAM User, Group, Project, Region, and Agency Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
IAM Identity Center Resetting If you no longer need to use IAM Identity Center, intend to enable IAM Identity Center in a different region, or intend to create a new configuration from scratch, you can delete all data configured in IAM Identity Center.
Accessing IAM Identity Center through APIs Use this access method if you are required to integrate IAM Identity Center on Huawei Cloud into a third-party system for secondary development. For detailed operations, see the IAM Identity Center API Reference.
Logging In as an IAM Identity Center User and Accessing Resources After associating member accounts of an organization with an IAM Identity Center user and permission sets, you can use the IAM Identity Center username and password to log in to the console through the user portal URL
Logging In as an IAM Identity Center User and Accessing Resources You can use an IAM Identity Center username and password to log in to the management console through the user portal URL.
For example, if you enter the IAM console URL, users will land on the IAM console after login. Description Description of a permission set.
Using IAM to Grant Access to IAM Identity Center Creating a User and Granting IAM Identity Center Permissions Creating IAM Custom Policies for IAM Identity Center
Creating IAM Custom Policies for IAM Identity Center You can create custom policies to supplement the system-defined policies of IAM Identity Center. To create a custom policy, choose either visual editor or JSON.
Using CTS to Audit IAM Identity Center Operations Key Operations Supported by CTS Viewing CTS Traces in the Trace List
Enabling an IAM Identity Center Instance Function This API is used to enable an IAM Identity Center service instance. It can be called only from the organization's management account.
Creating a User and Granting IAM Identity Center Permissions You can use Identity and Access Management (IAM) for fine-grained permissions control for your IAM Identity Center. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Concepts User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
IAM is a free service. You only pay for the resources in your account. For more information about IAM, see What Is IAM?. IAM Identity Center Permissions New IAM users do not have any permissions assigned by default.
The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
Updating Access Control Attributes for a Specified Instance Function This API is used to update IAM Identity Center identity source attributes that can be used with the IAM Identity Center instance for ABAC.
Table 1 IAM Identity Center operations that can be recorded by CTS Operation Resource Type Event Name Enabling IAM Identity Center Instance StartIdentityCenter Disabling IAM Identity Center Instance DeleteIdentityCenter Registering a region Instance RegisterRegion Updating single
Table 1 Quotas for IAM Identity Center Item Default Quota Adjustable Number of users that can be created in IAM Identity Center 100,000 Yes Number of groups that can be created in IAM Identity Center 100,000 Yes Number of users in a group Unlimited - Number of groups to which a user
Parent topic: Using CTS to Audit IAM Identity Center Operations
