Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.
Deleting a User: You can delete an IAM Identity Center user that is no longer needed. Deleting an IAM Identity Center user deletes all information about the user and revokes its access permissions. Deleted users cannot be restored. Exercise caution when performing this operation.
Adding Users to or Removing Users from a Group: After an IAM Identity Center user is added to or removed from a specific IAM Identity Center group, the user gains or loses the permissions of that group. This way, you can change the user's permissions quickly.
Rotating Certificates: IAM Identity Center uses certificates to set up a SAML trust relationship between IAM Identity Center and your external identity provider.
Okta: IAM Identity Center supports automatic provisioning (synchronization) of user and group information from Okta into IAM Identity Center using the SCIM v2.0 protocol.
It will only be visible in the IAM Identity Center console and when IAM Identity Center APIs are called. Figure 1: Setting the name and description. Configure IAM Identity Center as an identity provider in either of the following ways.
For example, if you enter the IAM console URL, users will access the IAM console after login. Description: Description of a permission set.
URI: GET /v1/instances/{instance_id}/identity-store-associations
Table 1 Path parameters. Parameter: instance_id; Mandatory: Yes; Type: String; Description: Globally unique ID of an IAM Identity Center instance.
Selecting an MFA Type: You can select a device type for MFA authentication when IAM Identity Center users are prompted for MFA. Procedure: Log in to the Huawei Cloud management console.
Querying Instance Configurations. Function: This API is used to query the configurations of an IAM Identity Center instance, including identity authentication and session management.
Selecting a Region for Enabling a Service Instance. Function: This API is used to select a region where an IAM Identity Center service instance is to be enabled. It can be called only from the organization's management account.
Table 4 instances. Parameter: identity_store_id; Type: String; Description: Globally unique identifier (ID) of the identity source associated with an IAM Identity Center instance.
Disabling a User. Function: This API is used to disable an IAM Identity Center user. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.
Response Parameters. Status code: 200. Table 2 Parameters in the response body. Parameter: serviceStatus; Type: String; Description: IAM Identity Center service instance status. Parameter: serviceStatusReasons; Type: Array of strings; Description: Reason why the IAM Identity Center service instance is in a state.
Minimum length: 12. Maximum length: 12. Parameter: group_id; Mandatory: Yes; Type: String; Description: Globally unique ID of an IAM Identity Center group in the identity source.
IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview. IAM Identity Center Permissions: New IAM users do not have any permissions assigned by default.
Creating a Group. Function: This API is used to create an IAM Identity Center group in the specified identity source. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.
Configuring an Instance. Function: This API is used to configure an IAM Identity Center instance, including identity authentication and session management.
Disabling Access Control Attributes for a Specified Instance. Function: This API is used to disable ABAC for a specified IAM Identity Center instance and delete all configured attribute mappings.