Obtaining Access Control Attributes for a Specified Instance. Function: This API is used to return a list of IAM Identity Center identity source attributes that have been configured to be used with attribute-based access control (ABAC) of a specified IAM Identity Center instance.
If you use an external identity provider as the identity source, you can configure user attributes for performing ABAC in both IAM Identity Center and the external identity provider.
Minimum length: 12 Maximum length: 12 group_id Yes String Globally unique ID of an IAM Identity Center group in the identity source.
Billing. IAM Identity Center is a free service. You only need to pay for the cloud services and resources used in your accounts. For details about the billing for using resources, see the billing description for each resource.
For example, if you enter the IAM console URL, users will access the IAM console after login. Description Description of a permission set.
In this case, you can manually provision users and groups through the IAM Identity Center console. When you add users to IAM Identity Center, ensure that the username is the same as that in your IdP.
Minimum length: 12 Maximum length: 12 user_id Yes String Globally unique ID of an IAM Identity Center user in the identity source.
On the Identity Source tab, click Change to IAM Identity Center in the Identity Source row. Figure 4 Changing to IAM Identity Center Review and confirm the change.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. Choose Settings in the navigation pane. Click the Authentication tab.
Before using IAM Identity Center, you must enable the Organizations service and create an organization. Then, you can log in to IAM Identity Center using the organization's management account.
Currently, you can only associate IAM Identity Center users/groups and permission sets with member accounts in your organization, rather than organizational units (OUs) or the whole organization.
Associating Accounts with Users and Permission Sets. After IAM Identity Center users/groups and permission sets are created, you can associate one or more member accounts in your organization with the created users/groups and permission sets.
Creating Permissions Policies for ABAC. Overview: After you add tags to resources and enable and configure access control attributes in IAM Identity Center, you need to add attribute-based access control rules to custom identity policies of the permission set.
Deleting a Service Instance. Function: This API is used to delete an IAM Identity Center service instance. It can be called only from the organization's management account.
Customizing User Portal URL. After you enable IAM Identity Center, a unique user portal URL is automatically generated. You can customize the URL only once; after it is changed, it cannot be modified again. Procedure: Log in to the Huawei Cloud management console.
Disabling, Enabling, or Deleting a User. You can disable the access permissions of an IAM Identity Center user that is temporarily not required, and enable the user again if needed. You can also delete IAM Identity Center users. Deleted users cannot be restored.
Querying the SP Configuration. Function: This API is used to query the SCIM configuration in IAM Identity Center.
Enabling a User. Function: This API is used to enable an IAM Identity Center user.
Creating a User. Function: This API is used to synchronize a user to IAM Identity Center using the System for Cross-domain Identity Management (SCIM) protocol.
Creating a Group. Function: This API is used to synchronize a group to IAM Identity Center using the SCIM protocol.