Identity and Access Management
Identity and Access Management

    All results for "" in this service

    Compute
    Elastic Cloud Server
    Bare Metal Server
    Auto Scaling
    Image Management Service
    FunctionGraph
    Management & Governance
    Identity and Access Management
    Cloud Eye
    Resource Formation Service
    Simple Message Notification
    Cloud Trace Service
    Application Operations Management
    Tag Management Service
    Log Tank Service
    Config
    Cloud Ecosystem
    KooGallery
    Partner Center
    User Support
    My Account
    Billing Center
    Cost Center
    My Credentials
    Enterprise Management
    Support Plans
    Partner Support Plans
    Professional Services
    Service Tickets
    Customer Operation Capabilities
    Resource Center
    Security & Compliance
    Web Application Firewall
    Data Encryption Workshop
    Database Security Service
    Data Security Center
    Anti-DDoS
    Host Security Service
    Cloud Firewall
    Cloud Bastion Host
    Cloud Certificate Manager
    SecMaster
    Storage
    Object Storage Service
    Elastic Volume Service
    Cloud Backup and Recovery
    Scalable File Service Turbo
    Scalable File Service
    Databases
    Relational Database Service
    Document Database Service
    Data Replication Service
    Distributed Database Middleware
    GeminiDB
    Data Admin Service
    TaurusDB
    Analytics
    MapReduce Service
    Data Lake Insight
    Cloud Search Service
    GaussDB(DWS)
    DataArts Studio
    Others
    System Permissions
    Common FAQs
    Instructions for Associating with a HUAWEI CLOUD Partner
    Message Center
    Developer Services
    CodeArts
    CodeArts Req
    CodeArts Pipeline
    CodeArts Check
    CodeArts Build
    CodeArts Deploy
    CodeArts TestPlan
    CodeArts Artifact
    CodeArts Repo
    Networking
    Virtual Private Cloud
    Elastic IP
    Elastic Load Balance
    NAT Gateway
    Direct Connect
    Virtual Private Network
    VPC Endpoint
    Global Accelerator
    Enterprise Router
    Cloud Connect
    Migration
    Cloud Data Migration
    Server Migration Service
    Object Storage Migration Service
    AI
    ModelArts
    Graph Engine Service
    Business Applications
    Domain Name Service
    Workspace
    Media Services
    Live
    Containers
    Cloud Container Engine
    SoftWare Repository for Container
    Application Service Mesh
    Middleware
    Distributed Cache Service
    API Gateway
    Distributed Message Service for Kafka
    Distributed Message Service for RocketMQ
    Distributed Message Service for RabbitMQ
    EventGrid
    Developer Tools
    API Request Signing Guide
    Koo Command Line Interface
    Terraform
    Content Delivery & Edge Computing
    Content Delivery Network
    Compute
    Elastic Cloud Server
    Bare Metal Server
    Auto Scaling
    Image Management Service
    FunctionGraph
    Networking
    Virtual Private Cloud
    Elastic IP
    Elastic Load Balance
    NAT Gateway
    Direct Connect
    Virtual Private Network
    VPC Endpoint
    Global Accelerator
    Enterprise Router
    Cloud Connect
    Management & Governance
    Identity and Access Management
    Cloud Eye
    Resource Formation Service
    Simple Message Notification
    Cloud Trace Service
    Application Operations Management
    Tag Management Service
    Log Tank Service
    Config
    Migration
    Cloud Data Migration
    Server Migration Service
    Object Storage Migration Service
    Cloud Ecosystem
    KooGallery
    Partner Center
    AI
    ModelArts
    Graph Engine Service
    User Support
    My Account
    Billing Center
    Cost Center
    My Credentials
    Enterprise Management
    Support Plans
    Partner Support Plans
    Professional Services
    Service Tickets
    Customer Operation Capabilities
    Resource Center
    Business Applications
    Domain Name Service
    Workspace
    Security & Compliance
    Web Application Firewall
    Data Encryption Workshop
    Database Security Service
    Data Security Center
    Anti-DDoS
    Host Security Service
    Cloud Firewall
    Cloud Bastion Host
    Cloud Certificate Manager
    SecMaster
    Media Services
    Live
    Storage
    Object Storage Service
    Elastic Volume Service
    Cloud Backup and Recovery
    Scalable File Service Turbo
    Scalable File Service
    Containers
    Cloud Container Engine
    SoftWare Repository for Container
    Application Service Mesh
    Databases
    Relational Database Service
    Document Database Service
    Data Replication Service
    Distributed Database Middleware
    GeminiDB
    Data Admin Service
    TaurusDB
    Middleware
    Distributed Cache Service
    API Gateway
    Distributed Message Service for Kafka
    Distributed Message Service for RocketMQ
    Distributed Message Service for RabbitMQ
    EventGrid
    Analytics
    MapReduce Service
    Data Lake Insight
    Cloud Search Service
    GaussDB(DWS)
    DataArts Studio
    Developer Tools
    API Request Signing Guide
    Koo Command Line Interface
    Terraform
    Others
    System Permissions
    Common FAQs
    Instructions for Associating with a HUAWEI CLOUD Partner
    Message Center
    Content Delivery & Edge Computing
    Content Delivery Network
    Developer Services
    CodeArts
    CodeArts Req
    CodeArts Pipeline
    CodeArts Check
    CodeArts Build
    CodeArts Deploy
    CodeArts TestPlan
    CodeArts Artifact
    CodeArts Repo

      All results for "" in this service

      On this page

      Show all

      Help Center/ Identity and Access Management/ Function Overview
      Function Overview

      Function Overview

      • OBS 2.0 Supported

        Permissions Management

      • OBS 2.0 Supported

        IAM User Management

      • OBS 2.0 Supported

        User Group Management

      • OBS 2.0 Supported

        Custom Policies

      • OBS 2.0 Supported

        Project Management

        • Projects group and isolate resources (including compute, storage, and network resources) across physical regions. A default project is provided for each HUAWEI CLOUD region, and subprojects can be created under a default project. IAM users can be granted permissions to access all resources in a specific project.

          For more refined access control, create subprojects under a project and purchase resources in the subprojects. IAM users can then be assigned permissions to access only specific resources in the subprojects.

          All regions

          Creating a Project 

          Granting a User Group Permissions for a Project

      • OBS 2.0 Supported

        Agency Management

        • IAM enables you to delegate resource access to another account or a specific cloud service.

          Account delegation: You can delegate another HUAWEI CLOUD account to implement O&M on your resources based on assigned permissions. For example, assume that account A wants to delegate account B to manage its resources.

          Cloud service delegation: HUAWEI CLOUD services interwork with each other, and some cloud services are dependent on other services. You can delegate a cloud service to access other services and perform resource O&M. Take a Graph Engine Service (GES) agency as an example. The agency allows GES to call cloud services on your behalf, for example, to bind your EIP to the primary load balancer when a failover occurs.

          All regions

          Account Delegation

          Cloud Service Delegation

      • OBS 2.0 Supported

        Account Settings

      • OBS 2.0 Supported

        MFA

        • MFA authentication provides an additional layer of protection on top of the username and password. If you enable MFA authentication, users need to enter the username and password as well as a verification code before they can log in to the console.

          MFA authentication can also be enabled to verify a user's identity before the user is allowed to perform critical operations. When a user attempts to perform a critical operation, the user needs to enter a verification code to proceed.

          All regions

          MFA Authentication

          Virtual MFA Device

      • OBS 2.0 Supported

        Federated Identity Authentication

        • HUAWEI CLOUD provides the identity provider function to implement federated identity authentication based on SAML. This function allows users in your own identity authentication system to access resources in your HUAWEI CLOUD account through single sign-on (SSO).

          HUAWEI CLOUD supports two types of federated identity authentication:

          • Web SSO: Browsers are used as the communication media. This authentication type enables common users to access HUAWEI CLOUD using browsers.
          • API calling: Development tools (such as OpenStack Client and ShibbolethECP Client) are used as the communication media. This authentication type enables enterprise users and common users to access HUAWEI CLOUD by calling APIs.

          All regions

          SAML-based Federated Identity Authentication

          OpenID Connect–based Federated Identity Authentication

      • OBS 2.0 Supported

        Auditing

        • IAM operations are recorded by Cloud Trace Service (CTS), which is a log audit service provided by HUAWEI CLOUD. CTS collects, stores, and queries records of operations on IAM resources, facilitating security analysis, compliance auditing, resource tracking, and fault locating.

          To view the key operations on IAM, such as creating or deleting a user, enable the CTS service.

          All regions

          Enabling CTS

          Viewing IAM Audit Logs

      • OBS 2.0 Supported

        Recommendations for Using IAM

        • To establish secure access to your HUAWEI CLOUD resources, follow these recommendations for the IAM service.

          All regions

          Recommendations for Using IAM

      • OBS 2.0 Supported

        APIs

        • IAM provides Representational State Transfer (REST) APIs, which you can call using HTTPS requests.

          All regions

          How Do I Call APIs?
      Feedback

      Feedback

      Feedback

      0/500

      Selected Content

      Submit selected content with the feedback