Help Center> Identity and Access Management> What's New

Updated on 2023-04-13 GMT+08:00

View PDF

What's New

The following tables describe the features released in each IAM version and corresponding documentation updates. New features will be successively launched in each region.

May 2022

No.	Feature	Description	Phase	Document
1	Batch operations supported	You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.	Commercial use	Batch Modifying IAM User Information Batch Deleting IAM Users, Batch Deleting User Groups, Batch Revoking Permissions of a User Group, and Batch Deleting Agencies

No.

Feature

Description

Phase

Document

Batch operations supported

You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.

Commercial use

Batch Modifying IAM User Information

Batch Deleting IAM Users, Batch Deleting User Groups, Batch Revoking Permissions of a User Group, and Batch Deleting Agencies

March 2022

No.	Feature	Description	Phase	Document
1	Identity provider creation supported	When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO. Virtual user: After a user logs in to HUAWEI CLOUD through an identity provider, the system automatically creates a virtual identity for the user. Multiple identity providers of the virtual user SSO type can be created under an account. IAM user: After a user logs in to HUAWEI CLOUD through an identity provider, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.	Commercial use	Create an Identity Provider

No.

Feature

Description

Phase

Document

Identity provider creation supported

When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO.

Virtual user: After a user logs in to HUAWEI CLOUD through an identity provider, the system automatically creates a virtual identity for the user. Multiple identity providers of the virtual user SSO type can be created under an account.
IAM user: After a user logs in to HUAWEI CLOUD through an identity provider, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.

Commercial use

Create an Identity Provider

January 2022

No.	Feature	Description	Phase	Document
1	Agency authorization by enterprise project	You can flexibly grant permissions for using specified enterprise projects to other accounts.	Commercial use	Creating an Agency

December 2021

No.	Feature	Description	Phase	Document
1	Authorization by enterprise project	You can assign permissions to enterprise projects' users and user groups on the IAM console without going to the Enterprise Center.	Commercial use	Assigning Permissions to a User Group
2	Recommending authorization scope based on permissions	An authorization scope is recommended based on selected permissions to comply with the principle of least privilege.	Commercial use	Assigning Permissions to a User Group
3	Creation of custom policies during authorization	You can create custom policies during authorization.	Commercial use	Creating a Custom Policy

November 2021

No.	Feature	Description	Phase	Document
1	Limit on the number of mapping rules for identity providers	You can query and modify the total quota of mapping rules for all identity providers in your account.	Commercial use	Notes and Constraints

September 2021

No.	Feature	Description	Phase	Document
1	Permissions management upgraded	You can view permissions assigned to specific users, user groups, or agencies. All authorization records under your account are displayed on the Permissions > Assignment page. You can view authorization records by IAM or enterprise projects.	Commercial use	Viewing Authorization Records
2	Information self-management	If information self-management is enabled, all IAM users can manage their own Basic Information (login password, mobile number, and email address). If information self-management is disabled, only administrators can manage their own basic information.	Commercial use	Information Self-Management

April 2021

No.	Feature	Description	Phase	Document
1	Federated user login	After the administrator of your enterprise creates an identity provider and configures identity conversion rules on HUAWEI CLOUD, federated users can log in to HUAWEI CLOUD using their account names and passwords for the enterprise identity system. Then these users can use cloud services based on assigned permissions.	Commercial use	Logging In as a Federated User

March 2021

No.	Feature	Description	Phase	Document
1	HUAWEI CLOUD login with a HUAWEI ID	A HUAWEI ID is a unified identity that you can use to visit all websites of Huawei. Now you can use your HUAWEI ID to log in to the HUAWEI CLOUD management console.	Commercial use	Logging In to HUAWEI CLOUD
2	Display of access type, MFA device binding status, password age, and access key status in the user list	The administrator can select the displayed items of the user list. The available items include description, last login time, creation time, access type, MFA device binding status, password age, and access key status.	Commercial use	Viewing or Modifying IAM User Information

February 2021

No.	Feature	Description	Phase	Document
1	Customization of agency validity period	The administrator can customize the validity period when creating or modifying an agency. An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).	Commercial use	Creating an Agency

No.

Feature

Description

Phase

Document

Customization of agency validity period

The administrator can customize the validity period when creating or modifying an agency.

An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).

Commercial use

Creating an Agency

January 2021

No.	Feature	Description	Phase	Document
1	Access key management	If you enable access key management, only the IAM users who have been granted the required permissions can manage (create, enable, disable, and delete) their own access keys. If you disable this option, all IAM users can manage access keys.	Commercial use	Access Key Management

December 2020

No.	Feature	Description	Phase	Document
1	Access type changed for IAM users	The administrator can change the access type of an IAM user on the Basic Information page. The following access types are supported: Programmatic access Management console access Programmatic access and management console access	Commercial use	Modifying Basic Information

No.

Feature

Description

Phase

Document

Access type changed for IAM users

The administrator can change the access type of an IAM user on the Basic Information page.

The following access types are supported:

Programmatic access
Management console access
Programmatic access and management console access

Commercial use

Modifying Basic Information

November 2020

No.	Feature	Description	Phase	Document
1	OpenID Connect–based federated identity authentication	You can configure OpenID Connect–based identity authentication to federate users to HUAWEI CLOUD. To do this, create OAuth 2.0 credentials in your enterprise IdP, create an OpenID Connect identity provider in HUAWEI CLOUD, configure authorization information and identity conversion rules, and add the login link of HUAWEI CLOUD to your enterprise IdP. In this way, users in your enterprise can log in to HUAWEI CLOUD through single sign-on (SSO).	Commercial use	OpenID Connect–based Federated Identity Authentication

March 2020

No.	Feature	Description	Phase	Document
1	Policy-based access control	You can grant users required permissions using system-defined and custom policies.	Commercial use	Policies

January 2020

No.	Feature	Description	Phase	Document
1	New edition of user group and agency authorization pages	The Policies menu in the navigation pane is now named Permissions. "RBAC policy" and "fine-grained policy" are now called "system-defined role" and "system-defined policy". Together, system-defined roles, system-defined policies, and custom policies are called "permissions". A system-define policy with read-only permissions for IAM is now available. You can now grant users permissions using multiple policies or roles or assign permissions for multiple projects at a time.	Commercial use	Basic Concepts Change to the System-Defined Policy Names Creating a User Group and Assigning Permissions

November 2019

No.	Feature	Description	Phase	Document
1	Higher custom policy quota	You can create up to 200 custom policies.	Commercial use	Notes and Constraints

September 2019

No.	Feature	Description	Phase	Document
1	Visualized custom policy creation	You can create custom policies using the visual editor or in JSON view. With the visual editor, you can easily create a custom policy by specifying the cloud service, actions, resources, and request conditions. You do not need to have knowledge of JSON syntax.	Commercial use	Creating a Custom Policy

Earlier Feature Releases

View PDF of earlier feature releases.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel