Help Center/ Organizations/ Best Practices/ Logging In with the New Account via IAM Identity Center
Updated on 2025-08-04 GMT+08:00
View PDF
Share

Logging In with the New Account via IAM Identity Center

Application Scenarios

When enterprises migrate new services to the cloud or expand existing services for diving into the cloud, they create new member accounts and configure resources for those accounts. In keeping with industry best practices, member account credentials (such as account keys and passwords) must be strictly controlled to prevent service risks caused by permission explosion.

This section describes how to sign in with the new account created in Organizations.

Prerequisites

You have enabled IAM Identity Center.

Step 1: Creating a Service Account

  1. Log in to Huawei Cloud as an organization administrator or using the management account, navigate to the Organizations console, and go to the Organization page.
  2. Click Add and click Add Account.
  3. Select Create new in the displayed dialog box.
  4. Enter an account name. You can enter the account description as required.
  5. Click OK. The new account is added to the list.

Step 2: Creating a Group for the Service Team

  1. Navigate to the IAM Identity Center console.
  2. In the navigation pane, choose Groups.
  3. Click Create Group in the upper right corner.
  4. On the displayed page, enter a group name and description.
  5. Click OK. An IAM Identity Center group is created and displayed in the group list.

Step 3: Creating a User for the Service Team

  1. In the navigation pane of IAM Identity Center, choose Users.
  2. Click Create User in the upper right corner.
  3. Configure user information (including the username and email address), select Send an email to this user with password setup instructions, and click Next.
  4. On the displayed page, select a group, add the user to this group, and click Next.
  5. On the Confirm page, confirm the configuration and click OK. The IAM Identity Center user you created is displayed in the user list.

Step 4: Creating a Permission Set

  1. In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Permission Sets.
  2. On the displayed page, click Create Permission Set in the upper right corner.
  3. On the Specify Details page, configure basic information for the permission set and click Next.
  4. On the Set Policy page, configure system-defined policies, custom identity policies, and custom policies for the permission set, and click Next.
  5. On the Confirm page, confirm the configuration and click OK.

Step 5: Associating the Service Account with the Group and Permission Set

  1. In the navigation pane of IAM Identity Center, choose Multi-Account Permissions > Accounts.
  2. Select the new service account from the account list and click Assign User/Group in the upper left corner.
  3. On the Select User/Group page, select the group to be associated and click Next.
  4. On the Select Permission Set page, select the permission set to be associated and click Next.
  5. On the Confirm page, confirm the configuration and click OK.

Step 6: Logging In as an IAM Identity Center User and Accessing Resources

  1. Open your email and click the link to accept the invitation in the password setting email sent by Huawei Cloud.
  2. Change the password. Then, enter the username and click Next. Enter the password and click Lon In.
  3. Click Access Console in the Operation column to access resources allowed by the permission set associated with the service account.