Updated on 2023-04-13 GMT+08:00

What's New

The following tables describe the features released in each IAM version and corresponding documentation updates. New features will be successively launched in each region.

May 2022

No.

Feature

Description

Phase

Document

1

Batch operations supported

You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.

Commercial use

Batch Modifying IAM User Information

Batch Deleting IAM Users, Batch Deleting User Groups, Batch Revoking Permissions of a User Group, and Batch Deleting Agencies

March 2022

No.

Feature

Description

Phase

Document

1

Identity provider creation supported

When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO.

  • Virtual user: After a user logs in to HUAWEI CLOUD through an identity provider, the system automatically creates a virtual identity for the user. Multiple identity providers of the virtual user SSO type can be created under an account.
  • IAM user: After a user logs in to HUAWEI CLOUD through an identity provider, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.

Commercial use

Create an Identity Provider

January 2022

No.

Feature

Description

Phase

Document

1

Agency authorization by enterprise project

You can flexibly grant permissions for using specified enterprise projects to other accounts.

Commercial use

Creating an Agency

December 2021

No.

Feature

Description

Phase

Document

1

Authorization by enterprise project

You can assign permissions to enterprise projects' users and user groups on the IAM console without going to the Enterprise Center.

Commercial use

Assigning Permissions to a User Group

2

Recommending authorization scope based on permissions

An authorization scope is recommended based on selected permissions to comply with the principle of least privilege.

Commercial use

3

Creation of custom policies during authorization

You can create custom policies during authorization.

Commercial use

Creating a Custom Policy

November 2021

No.

Feature

Description

Phase

Document

1

Limit on the number of mapping rules for identity providers

You can query and modify the total quota of mapping rules for all identity providers in your account.

Commercial use

Notes and Constraints

September 2021

No.

Feature

Description

Phase

Document

1

Permissions management upgraded

  • You can view permissions assigned to specific users, user groups, or agencies.
  • All authorization records under your account are displayed on the Permissions > Assignment page.
  • You can view authorization records by IAM or enterprise projects.

Commercial use

Viewing Authorization Records

2

Information self-management

  • If information self-management is enabled, all IAM users can manage their own Basic Information (login password, mobile number, and email address).
  • If information self-management is disabled, only administrators can manage their own basic information.

Commercial use

Information Self-Management

April 2021

No.

Feature

Description

Phase

Document

1

Federated user login

After the administrator of your enterprise creates an identity provider and configures identity conversion rules on HUAWEI CLOUD, federated users can log in to HUAWEI CLOUD using their account names and passwords for the enterprise identity system. Then these users can use cloud services based on assigned permissions.

Commercial use

Logging In as a Federated User

March 2021

No.

Feature

Description

Phase

Document

1

HUAWEI CLOUD login with a HUAWEI ID

A HUAWEI ID is a unified identity that you can use to visit all websites of Huawei. Now you can use your HUAWEI ID to log in to the HUAWEI CLOUD management console.

Commercial use

Logging In to HUAWEI CLOUD

2

Display of access type, MFA device binding status, password age, and access key status in the user list

The administrator can select the displayed items of the user list. The available items include description, last login time, creation time, access type, MFA device binding status, password age, and access key status.

Commercial use

Viewing or Modifying IAM User Information

February 2021

No.

Feature

Description

Phase

Document

1

Customization of agency validity period

The administrator can customize the validity period when creating or modifying an agency.

An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).

Commercial use

Creating an Agency

January 2021

No.

Feature

Description

Phase

Document

1

Access key management

  • If you enable access key management, only the IAM users who have been granted the required permissions can manage (create, enable, disable, and delete) their own access keys.
  • If you disable this option, all IAM users can manage access keys.

Commercial use

Access Key Management

December 2020

No.

Feature

Description

Phase

Document

1

Access type changed for IAM users

The administrator can change the access type of an IAM user on the Basic Information page.

The following access types are supported:

  • Programmatic access
  • Management console access
  • Programmatic access and management console access

Commercial use

Modifying Basic Information

November 2020

No.

Feature

Description

Phase

Document

1

OpenID Connect–based federated identity authentication

You can configure OpenID Connect–based identity authentication to federate users to HUAWEI CLOUD. To do this, create OAuth 2.0 credentials in your enterprise IdP, create an OpenID Connect identity provider in HUAWEI CLOUD, configure authorization information and identity conversion rules, and add the login link of HUAWEI CLOUD to your enterprise IdP. In this way, users in your enterprise can log in to HUAWEI CLOUD through single sign-on (SSO).

Commercial use

OpenID Connect–based Federated Identity Authentication

March 2020

No.

Feature

Description

Phase

Document

1

Policy-based access control

You can grant users required permissions using system-defined and custom policies.

Commercial use

Policies

January 2020

No.

Feature

Description

Phase

Document

1

New edition of user group and agency authorization pages

  • The Policies menu in the navigation pane is now named Permissions.
  • "RBAC policy" and "fine-grained policy" are now called "system-defined role" and "system-defined policy". Together, system-defined roles, system-defined policies, and custom policies are called "permissions".
  • A system-define policy with read-only permissions for IAM is now available.
  • You can now grant users permissions using multiple policies or roles or assign permissions for multiple projects at a time.

Commercial use

November 2019

No.

Feature

Description

Phase

Document

1

Higher custom policy quota

You can create up to 200 custom policies.

Commercial use

Notes and Constraints

September 2019

No.

Feature

Description

Phase

Document

1

Visualized custom policy creation

You can create custom policies using the visual editor or in JSON view. With the visual editor, you can easily create a custom policy by specifying the cloud service, actions, resources, and request conditions. You do not need to have knowledge of JSON syntax.

Commercial use

Creating a Custom Policy

Earlier Feature Releases

View PDF of earlier feature releases.