Identity and Access Management
Identity and Access Management
All results for "
" in this service
All results for "
" in this service
What's New
Function Overview
Service Overview
Infographics
What Is IAM?
Basic Concepts
Functions
Supported Cloud Services
Permissions
Security
Shared Responsibilities
Authentication and Access Control
Identity Authentication
Configuring Access Control
Data Protection
IAM Side
Tenant Side
Resilience
Audit and Monitoring
Certificates
Notes and Constraints
Getting Started
Creating a User Group and Assigning Permissions
Creating an IAM User and Logging In
User Guide
Before You Start
Logging In to Huawei Cloud
IAM User Management
Overview
Creating an IAM User
Assigning Permissions to an IAM User
Logging In to Huawei Cloud as an IAM User
Managing IAM User Information
Modifying the User Group Which an IAM User Belongs to
Managing Access Keys for an IAM User
Modifying Security Settings for an IAM User
Managing Permissions Assigned to IAM Users
Deleting IAM Users
User Group Management
Overview
Creating a User Group and Assigning Permissions
Adding IAM Users to or Removing IAM Users from a User Group
Deleting User Groups
Managing User Group Information
Managing Permissions of a User Group
Assigning Dependency Roles
Permissions Management
Basic Concepts
Basic Concepts
Changes to the System-defined Policy Names
Role Syntax
Policy Syntax
Policy Variables
Policy Content
Authorization Records
Custom Policies
Creating a Custom Policy
Modifying or Deleting a Custom Policy
Custom Policy Examples
Cloud Services that Support Resource-Level Authorization Using IAM
Project Management
Agency Management
Agency Overview
Delegating Another Account for Resource Management
Process for Account Delegation
Creating an Agency and Assigning Permissions
Assigning Agency Permissions to an IAM User
Managing Delegated Resources
Delegating Another Service for Resource Management
Deleting or Modifying Agencies
Security Settings
Security Settings Overview
Basic Information
Critical Operation Protection
Login Authentication Policy
Password Policy
ACL
Identity Providers
Overview
Application Scenarios of Virtual User SSO and IAM User SSO
Virtual User SSO via SAML
Overview of Virtual User SSO via SAML
Creating an IdP Entity
Configuring an Enterprise IdP
Configuring Identity Conversion Rules
Verifying the Login
Configuring a Federated Login Entry in the Enterprise IdP
IAM User SSO via SAML
Overview of IAM User SSO via SAML
Creating an IdP Entity
Configuring an Enterprise IdP
Configuring an External Identity ID
Verifying the Login
Configuring a Federated Login Entry in the Enterprise IdP
Virtual User SSO via OpenID Connect
Overview of Virtual User SSO via OpenID Connect
Creating an IdP Entity
Configuring Identity Conversion Rules
Configuring a Federated Login Entry in the Enterprise IdP
Syntax of Identity Conversion Rules
Custom Identity Broker
Configuring a Custom Identity Broker with an Agency
Creating a FederationProxyUrl Using an Agency
Configuring a Custom Identity Broker with a Token
Creating a FederationProxyUrl Using a Token
MFA Authentication
Overview
Configuring a Virtual MFA Device
Configuring a Security Key
CTS Auditing
Key IAM Operations Supported by CTS
Viewing CTS Traces in the Trace List
Quota Adjustment
Best Practices
Best Practices for Using IAM
Assigning Permissions to O&M Personnel Using IAM
IAM Custom Policy Examples
Delegating Other Accounts or Cloud Services for Resource Management
Delegating Permissions Across Accounts with Agencies
Accessing Other Cloud Services from ECS Using Temporary Access Keys of an Agency
Using IAM to Authorize Specified Resources Across Different Regions
Handling Access Key Leakage
Access Key Restrictions
Restricting Access Time Using IAM
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
Getting Started
Periodic Rotation of Access Keys
Federated Authentication for Enterprise Accounts
Security Auditing on Permissions of IAM Users
API
Token Management
Obtaining a User Token Through Password Authentication
Obtaining a User Token Through Password and Virtual MFA Authentication
Obtaining an Agency Token
Verifying a Token
Access Key Management
Obtaining Temporary Access Keys and Security Tokens of an Agency
Obtaining Temporary Access Keys and Security Tokens of an IAM User
Creating a Permanent Access Key
Querying Permanent Access Keys
Querying a Permanent Access Key
Modifying a Permanent Access Key
Deleting a Permanent Access Key
Region Management
Listing Regions
Querying Region Details
Project Management
Querying Project Information
Listing Projects
Listing Projects Accessible to an IAM User
Creating a Project
Modifying Project Information
Querying Project Information
Changing Project Status
Querying Project Information and Status
Querying the Quotas of a Project
Account Management
Querying Account Information Accessible to an IAM User
Querying the Password Strength Policy
Querying the Password Strength Policy
Querying the Quotas of an Account
IAM User Management
Listing IAM Users
Querying IAM User Details (Recommended)
Querying IAM User Details
Querying the User Groups Which an IAM User Belongs to
Querying the IAM Users in a Group
Creating an IAM User (Recommended)
Creating an IAM User
Changing the Login Password
Modifying IAM User Information (By an IAM User) (Recommended)
Modifying IAM User Information (By the Administrator) (Recommended)
Modifying IAM User Information (By the Administrator)
Deleting an IAM User
User Group Management
Listing User Groups
Querying User Group Details
Creating a User Group
Updating User Group Information
Deleting a User Group
Checking Whether an IAM User Belongs to a User Group
Adding an IAM User to a User Group
Removing an IAM User from a User Group
Permissions Management
Listing Permissions
Querying Permission Details
Querying Permissions Assignment Records
Querying Permissions of a User Group for a Global Service Project
Querying Permissions of a User Group for a Region-specific Project
Granting Permissions to a User Group for a Global Service Project
Granting Permissions to a User Group for a Region-specific Project
Checking Whether a User Group Has Specified Permissions for a Global Service Project
Checking Whether a User Group Has Specified Permissions for a Region-specific Project
Querying All Permissions of a User Group
Checking Whether a User Group Has Specified Permissions for All Projects
Removing Specified Permissions of a User Group in All Projects
Removing Permissions of a User Group for a Global Service Project
Removing the Permissions of a User Group for a Region-specific Project
Granting Permissions to a User Group for All Projects
Custom Policy Management
Listing Custom Policies
Querying Custom Policy Details
Creating a Custom Policy for Cloud Services
Creating a Custom Policy for Agencies
Modifying a Custom Policy for Cloud Services
Modifying a Custom Policy for Agencies
Deleting a Custom Policy
Agency Management
Listing Agencies
Querying Agency Details
Creating an Agency
Modifying an Agency
Deleting an Agency
Querying Permissions of an Agency for a Global Service Project
Querying Permissions of an Agency for a Region-specific Project
Granting Permissions to an Agency for a Global Service Project
Granting Permissions to an Agency for a Region-specific Project
Checking Whether an Agency Has Specified Permissions for a Global Service Project
Checking Whether an Agency Has Specified Permissions for a Region-specific Project
Removing Permissions of an Agency for a Global Service Project
Removing Permissions of an Agency for a Region-specific Project
Querying All Permissions of an Agency
Granting Specified Permissions to an Agency for All Projects
Checking Whether an Agency Has Specified Permissions
Removing Specified Permissions of an Agency in All Projects
Enterprise Project Management
Querying User Groups Associated with an Enterprise Project
Querying the Permissions of a User Group Associated with an Enterprise Project
Granting Permissions to a User Group Associated with an Enterprise Project
Removing Permissions of a User Group Associated with an Enterprise Project
Querying the Enterprise Projects Associated with a User Group
Querying the Enterprise Projects Directly Associated with an IAM User
Querying Users Directly Associated with an Enterprise Project
Querying Permissions of a User Directly Associated with an Enterprise Project
Granting Permissions to a User Associated with an Enterprise Project
Removing Permissions of a User Directly Associated with an Enterprise Project
Granting Permissions to Agencies Associated with Specified Enterprise Projects
Removing Permissions of Agencies Associated with Specified Enterprise Projects
Security Settings
Modifying the Operation Protection Policy
Querying the Operation Protection Policy
Modifying the Password Policy
Querying the Password Policy of an Account
Modifying the Login Authentication Policy
Querying the Login Authentication Policy
Modifying the ACL for Console Access
Querying the ACL for Console Access
Modifying the ACL for API Access
Querying the ACL for API Access
Listing MFA Device Information of IAM Users
Querying the MFA Device Information of an IAM User
Listing Login Protection Configurations of IAM Users
Querying the Login Protection Configuration of an IAM User
Modifying the Login Protection Configuration of an IAM User
Binding a Virtual MFA Device
Unbinding a Virtual MFA Device
Creating a Virtual MFA Device
Deleting a Virtual MFA Device
Federated Identity Authentication Management
Obtaining a Token Through Federated Identity Authentication
SP Initiated
IdP Initiated
Identity Providers
Listing Identity Providers
Querying Identity Provider Details
Creating an Identity Provider
Modifying a SAML Identity Provider
Deleting a SAML Identity Provider
Creating an OpenID Connect Identity Provider Configuration
Modifying an OpenID Connect Identity Provider
Querying an OpenID Connect Identity Provider
Mappings
Listing Mappings
Querying Mapping Details
Registering a Mapping
Updating a Mapping
Deleting a Mapping
Protocols
Listing Protocols
Querying Protocol Details
Registering a Protocol
Updating a Protocol
Deleting a Protocol
Metadata
Querying a Metadata File
Querying the Metadata File of Keystone
Importing a Metadata File
Token
Obtaining an Unscoped Token (IdP Initiated)
Obtaining a Scoped Token
Obtaining a Token with an OpenID Connect ID Token
Obtaining an Unscoped Token with an OpenID Connect ID Token
Temporary Access Keys
Obtaining Temporary Access Keys and Security Tokens of a Federated User
Listing Accounts Accessible to Federated Users
Listing Projects Accessible to Federated Users
Custom Identity Brokers
Obtaining a Login Token
Version Information Management
Querying the Version Information of Keystone APIs
Querying Information About Keystone API 3.0
Services and Endpoints
Listing Services
Querying Service Details
Querying the Service Catalog
Listing Endpoints
Querying Endpoint Details
Out-of-Date APIs
Querying User Groups Associated with an Enterprise Project
Querying the Permissions of a User Group Associated with an Enterprise Project
Granting Permissions to a User Group Associated with an Enterprise Project
Removing the Permissions of a User Group Associated with an Enterprise Project
Permissions and Actions
Permissions and Supported Actions
Actions
Appendix
Status Codes
Error Codes
Obtaining Account, IAM User, Group, Project, Region, and Agency Information
SDK Reference
SDK Overview
FAQs
User Groups and Permissions Management
Why Can't I Find Permissions for a Cloud Service?
How Do I Grant Cloud Service Permissions in the EU-Dublin Region to IAM Users?
Why Have Permissions Granted to a User Not Been Applied?
What Should I Do If an IAM User Does Not Have the Required Permissions to Access the IAM Console?
How Can I Grant an IAM User Permissions to Place Orders But Disallow Order Payment?
IAM User Management
Why Does IAM User Login Fail?
How Do I Allow IAM Users to Access the Console from Specific IP Addresses?
Security Settings
How Do I Enable Login Verification?
How Do I Disable Login Verification?
How Do I Change the Verification Method for Performing Critical Operations?
How Do I Disable Operation Protection?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind or Remove a Virtual MFA Device?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Why Is My Account Locked?
Why Doesn't My API Access Control Policy Take Effect?
Why Do I Still Need to Perform MFA During Login After Unbinding the Virtual MFA Device?
Passwords and Credentials
What Should I Do If I Forgot the Password of an IAM User or Account?
How Do I Change the Password of an IAM User or Account?
How Do I Obtain an Access Key (AK/SK)?
What Should I Do If I Have Forgotten My Access Key (AK/SK)?
What Are Temporary Security Credentials (AK/SK and Security Token)?
How Do I Obtain a Token with Security Administrator Permissions?
How Do I Obtain Access Keys (AK/SK Pairs) for the EU-Dublin Region?
Project Management
What Are the Differences Between IAM and Enterprise Management?
What Are the Differences Between IAM Projects and Enterprise Projects?
What Are the Differences Between IAM Users and Enterprise Member Accounts?
Agency Management
How Can I Obtain Permissions to Create an Agency?
Account Management
Why Does Account Login Fail?
What Are the Relationships Between a Huawei Cloud Account, HUAWEI ID, IAM User, and Federated User?
What Are the Possible Causes of a HUAWEI ID Upgrade Failure?
Can I Log In with My Huawei Cloud Account After Upgrading It to a HUAWEI ID?
Others
How Do I Obtain a User Token Using Postman?
Why Is the Field-Level Help Always Displayed?
How Do I Disable Autofill Password on Google Chrome?
How Do I Apply for the Permissions to Access Resources in a Cloud Alliance Region Using My Huawei Cloud Account or HUAWEI ID?
Videos
More Documents
User Guide (ME-Abu Dhabi Region)
Service Overview
What Is IAM?
Basic Concepts
Functions
Personal Data Protection Mechanism
Permissions Management
Getting Started
Before You Start
Step 1: Create User Groups and Assign Permissions
Step 2: Create IAM Users and Log In
User Guide
Before You Start
IAM Users
Creating an IAM User
Assigning Permissions to an IAM User
Logging In as an IAM User
Viewing or Modifying IAM User Information
Deleting an IAM User
Changing the Login Password of an IAM User
Managing Access Keys for an IAM User
User Groups and Authorization
Creating a User Group and Assigning Permissions
Adding Users to or Removing Users from a User Group
Deleting a User Group
Viewing or Modifying User Group Information
Revoking Permissions of a User Group
Assigning Dependency Roles
Permissions
Basic Concepts
Roles
Policies
Policy Content
Policy Syntax
Authentication Process
Authorization Records
Custom Policies
Creating a Custom Policy
Modifying or Deleting a Custom Policy
Custom Policy Use Cases
Projects
Agencies
Account Delegation
Delegating Resource Access to Another Account
Creating an Agency (by a Delegating Party)
(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
Switching Roles (by a Delegated Party)
Cloud Service Delegation
Deleting or Modifying Agencies
Account Security Settings
Account Security Settings Overview
Account Settings
Critical Operation Protection
Login Authentication Policy
Password Policy
ACL
Identity Providers
Introduction
SAML-based Federated Identity Authentication
Configuration of SAML-based Federated Identity Authentication
Step 1: Create an Identity Provider
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure Login Link in the Enterprise Management System
Syntax of Identity Conversion Rules
MFA Authentication and Virtual MFA Device
MFA Authentication
Virtual MFA Device
Viewing IAM Operation Records
Enabling CTS
Viewing IAM Audit Logs
Quotas
FAQs
User Groups and Permissions Management
How Do I Grant Cloud Service Permissions in the ME-Abu Dhabi-OP5 Region to IAM Users?
IAM User Management
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Security Settings
How Do I Enable Login Authentication?
How Do I Disable Login Authentication?
How Do I Change the Verification Method for Performing Critical Operations?
How Do I Disable Operation Protection?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind or Remove a Virtual MFA Device?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Passwords and Credentials
How Do I Reset My Password?
How Do I Change My Password?
What Should I Do If I Have Forgotten My Access Key (AK/SK)?
What Are Temporary Security Credentials (AK/SK and SecurityToken)?
How Do I Obtain a Token with Security Administrator Permissions?
How Do I Obtain an Access Key (AK/SK) in the ME-Abu Dhabi-OP5 Region?
Project Management
What Are the Differences Between IAM and Enterprise Management?
What Are the Differences Between IAM Projects and Enterprise Projects?
Agency Management
How Can I Obtain Permissions to Create an Agency?
Others
Why Is the Field-Level Help Always Displayed?
How Do I Disable Autofill Password on Google Chrome?
Change History
API Reference (ME-Abu Dhabi Region)
Before You Start
Overview
API Calling
Endpoints
Constraints
Concepts
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
Token Management
Obtaining a User Token
Project Management
Querying Project Information Based on the Specified Criteria
Permissions Policies and Supported Actions
Introduction
Appendix
Status Codes
Error Codes
Obtaining User, Account, User Group, Project, and Agency Information
Change History
User Guide (Paris Regions)
Service Overview
What Is IAM?
IAM Features
Identity Management
Permissions
Personal Data Protection Mechanism
Getting Started
Getting Started with IAM
Creating a Security Administrator
Creating a User Group and Assigning Permissions
Creating a User and Adding the User to a User Group
Logging In as an IAM User
User Guide
IAM Users
Creating a User
Managing IAM Users and Permissions
Viewing and Modifying User Information
Modifying User Permissions
Switching Projects or Regions
User Groups and Authorization
Creating a User Group and Assigning Permissions
Viewing and Modifying User Group Information
Assigning Dependency Roles
Permissions
Fine-Grained Policies
Policy Syntax
Creating a Custom Policy
Custom Policy Use Cases
Account Settings
Projects
Agencies
Account Delegation
Delegating Resource Access to Another Account
Creating an Agency (by a Delegating Party)
(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
Switching Roles (by a Delegated Party)
Cloud Service Delegation
Deleting or Modifying Agencies
Identity Providers
Introduction
Application Scenarios of Virtual User SSO and IAM User SSO
Virtual User SSO via SAML
Overview of Virtual User SSO via SAML
Step 1: Create an IdP Entity
Step 2: Configure the Enterprise IdP
Step 3: Configure Identity Conversion Rules
Step 4: Verify the Federated Login
(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP
IAM User SSO via SAML
Overview of IAM User SSO via SAML
Step 1: Create an IdP Entity
Step 2: Configure the Enterprise IdP
Step 3: Configure an External Identity ID
Step 4: Verify the Federated Login
(Optional) Step 5: Configure a Federated Login Entry in the Enterprise IdP
Virtual User SSO via OpenID Connect
Overview of Virtual User SSO via OpenID Connect
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure Login Link in the Enterprise Management System
Syntax of Identity Conversion Rules
MFA Authentication and Virtual MFA Device
Auditing
IAM Operations That Can Be Recorded by CTS
Viewing Audit Logs
FAQs
How Do I Enable Login Authentication?
How Do I Bind a Virtual MFA Device?
How Do I Obtain MFA Verification Codes?
How Do I Unbind a Virtual MFA Device?
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Differences Between IAM and Enterprise Management
What Are the Differences Between IAM Projects and Enterprise Projects?
How Can I Obtain Permissions to Create an Agency?
What Can I Do If Text Box Prompt Information Does Not Disappear?
How Do I Disable Password Association and Saving on Google Chrome?
How Do I Grant Cloud Service Permissions in the EU-Paris Region to IAM Users?
How Do I Obtain an Access Key (AK/SK) in the EU-Paris Region?
Change History
API Reference (Paris Regions)
Before You Start
Overview
API Calling
Endpoints
Constraints
Concepts
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
Token Management
Obtaining a User Token
Project Management
Querying Project Information Based on the Specified Criteria
Permissions Policies and Supported Actions
Introduction
Appendix
Status Codes
Error Codes
Obtaining User, Account, User Group, Project, and Agency Information
Change History
User Guide (Kuala Lumpur Region)
Service Overview
What Is IAM?
Basic Concepts
Functions
Personal Data Protection
Permissions
Notes and Constraints
Getting Started
Before You Start
Step 1: Create User Groups and Assign Permissions
Step 2: Create IAM Users and Log In
User Guide
Before You Start
IAM Users
Creating an IAM User
Assigning Permissions to an IAM User
Logging In as an IAM User
Viewing or Modifying IAM User Information
Deleting an IAM User
Changing the Login Password of an IAM User
Managing Access Keys for an IAM User
User Groups and Authorization
Creating a User Group and Assigning Permissions
Adding Users to or Removing Users from a User Group
Deleting User Groups
Viewing or Modifying User Group Information
Revoking Permissions of a User Group
Assigning Dependency Roles
Permissions Management
Basic Concepts
Roles
Policies
Policy Content
Policy Syntax
Authentication Process
Authorization Records
Custom Policies
Creating a Custom Policy
Modifying or Deleting a Custom Policy
Custom Policy Use Cases
Cloud Services that Support Resource-Level Authorization Using IAM
Projects
Agencies
Account Delegation
Delegating Resource Access to Another Account
Creating an Agency (by a Delegating Party)
(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
Switching Roles (by a Delegated Party)
Cloud Service Agency
Deleting or Modifying Agencies
Security Settings
Account Security Settings Overview
Basic Information
Critical Operation Protection
Login Authentication Policy
Password Policy
ACL
Identity Providers
Introduction
Identity Federation via SAML
Configuration of SAML-based Federated Identity Authentication
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure a Federated Login Entry in the Enterprise IdP
Identity Federation Via OpenID Connect
Configuration of OpenID Connect–based Federated Identity Authentication
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure a Federated Login Entry in the Enterprise IdP
Syntax of Identity Conversion Rules
MFA Authentication and Virtual MFA Device
MFA Authentication
Virtual MFA Device
Viewing IAM Operation Records
Enabling CTS
Querying Real-Time Traces
Quotas
FAQs
User Groups and Permissions Management
Why Can't I Find Permissions for a Cloud Service?
How Do I Grant Cloud Service Permissions in the AP-Kuala Lumpur-OP6 Region to IAM Users?
Why Permissions Granted to a User Do Not Take Effect?
IAM User Management
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Security Settings
How Do I Enable Login Verification?
How Do I Disable Login Verification?
How Do I Change the Verification Method for Performing Critical Operations?
How Do I Disable Operation Protection?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind or Remove a Virtual MFA Device?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Why Is My Account Locked?
Why Do I Still Need to Perform MFA During Login After Unbinding the Virtual MFA Device?
Passwords and Credentials
What Should I Do If I Forgot My Password?
How Do I Change My Password?
What Should I Do If I Have Forgotten My Access Key (AK/SK)?
What Are Temporary Security Credentials (AK/SK and Security Token)?
How Do I Obtain a Token with Security Administrator Permissions?
How Do I Obtain an Access Key (AK/SK) in the AP-Kuala Lumpur-OP6 Region?
Project Management
What Are the Differences Between IAM and Enterprise Management?
What Are the Differences Between IAM Projects and Enterprise Projects?
Agency Management
How Can I Obtain Permissions to Create an Agency?
Others
Why Is the Field-Level Help Always Displayed?
How Do I Disable Autofill Password on Google Chrome?
Region and AZ
Change History
API Reference (Kuala Lumpur Region)
Before You Start
Overview
API Calling
Endpoints
Constraints
Concepts
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
Token Management
Obtaining a User Token
Obtaining an Agency Token
Verifying a Token
Access Key Management
Obtaining a Temporary AK/SK
Creating a Permanent Access Key
Listing Permanent Access Keys
Querying a Permanent Access Key
Modifying a Permanent Access Key
Deleting a Permanent Access Key
Region Management
Querying a Region List
Querying Region Details
Project Management
Querying Project Information Based on the Specified Criteria
Querying a User Project List
Querying the List of Projects Accessible to Users
Creating a Project
Modifying Project Data
Querying Information About a Specified Project
Setting the Status of a Specified Project
Querying Information and Status of a Specified Project
Querying the Quotas of a Project
Tenant Management
Querying the List of Domains Accessible to Users
Querying the Password Strength Policy
Querying the Password Strength Policy by Option
Querying a Resource Quota
User Management
Querying a User List
Querying User Details
Querying User Details (Recommended)
Querying the User Group to Which a User Belongs
Querying Users in a User Group
Creating a User
Changing a Password
Modifying User Information
Modifying User Information (Including Email Address and Mobile Number)
Modifying User Information (Including Email Address and Mobile Number)
Deleting a User
Deleting a User from a User Group
Querying MFA Device Information of Users
Querying the MFA Device Information of a User
Querying Login Protection Configurations of Users
Querying the Login Protection Configuration of a User
Creating a Virtual MFA Device
Deleting a Virtual MFA Device
Binding a Virtual MFA Device
Unbinding a Virtual MFA Device
Modifying the Login Protection Configuration of a User
User Group Management
Listing User Groups
Querying User Group Details
Creating a User Group
Adding a User to a User Group
Updating a User Group
Deleting a User Group
Querying Whether a User Belongs to a User Group
Permission Management
Querying a Role List
Querying Role Details
Querying Permissions of a User Group Under a Domain
Querying Permissions of a User Group Corresponding to a Project
Granting Permissions to a User Group of a Domain
Granting Permissions to a User Group Corresponding to a Project
Deleting Permissions of a User Group Corresponding to a Project
Deleting Permissions of a User Group of a Domain
Querying Whether a User Group Under a Domain Has Specific Permissions
Querying Whether a User Group Corresponding to a Project Has Specific Permissions
Granting Permissions to a User Group for All Projects
Removing Specified Permissions of a User Group in All Projects
Checking Whether a User Group Has Specified Permissions for All Projects
Querying All Permissions of a User Group
Custom Policy Management
Listing Custom Policies
Querying Custom Policy Details
Creating a Custom Policy for Cloud Services
Creating a Custom Policy for Agencies
Modifying a Custom Policy for Cloud Services
Modifying a Custom Policy for Agencies
Deleting a Custom Policy
Agency Management
Creating an Agency
Querying an Agency List Based on the Specified Conditions
Obtaining Details of a Specified Agency
Modifying an Agency
Deleting an Agency
Granting Permissions to an Agency for a Project
Checking Whether an Agency Has the Specified Permissions on a Project
Querying the List of Permissions of an Agency on a Project
Deleting Permissions of an Agency on a Project
Granting Permissions to an Agency on a Domain
Checking Whether an Agency Has the Specified Permissions on a Domain
Querying the List of Permissions of an Agency on a Domain
Deleting Permissions of an Agency on a Domain
Querying All Permissions of an Agency
Granting Specified Permissions to an Agency for All Projects
Checking Whether an Agency Has Specified Permissions
Removing Specified Permissions of an Agency in All Projects
Security Settings
Querying the Operation Protection Policy
Modifying the Operation Protection Policy
Querying the Password Policy
Modifying the Password Policy
Querying the Login Authentication Policy
Modifying the Login Authentication Policy
Querying the ACL for Console Access
Modifying the ACL for Console Access
Querying the ACL for API Access
Modifying the ACL for API Access
Federated Identity Authentication Management
Obtaining a Token in Federated Identity Authentication Mode
SP Initiated
IdP Initiated
Identity Provider
Querying the Identity Provider List
Querying an Identity Provider
Creating a SAML Identity Provider
Updating a SAML Identity Provider
Deleting an Identity Provider
Mapping
Querying the Mapping List
Querying a Mapping
Creating a Mapping
Updating a Mapping
Deleting a Mapping
Protocol
Querying the Protocol List
Querying a Protocol
Registering a Protocol
Updating a Protocol
Deleting a Protocol
Metadata
Querying a Metadata File
Querying the Metadata File of Keystone
Importing a Metadata File
Token
Obtaining an Unscoped Token (SP Initiated)
Obtaining an Unscoped Token (IdP Initiated)
Obtaining a Scoped Token
Domain
Querying the List of Domains Accessible to Federated Users
Project
Querying the List of Projects Accessible to Federated Users
Version Information Management
Querying Keystone API Version Information
Querying Information About Keystone API Version 3.0
Services and Endpoints
Querying Services
Querying Service Details
Querying Endpoints
Querying Endpoint Details
Querying the Service Catalog
Permissions Policies and Supported Actions
Introduction
Action List
Appendix
Status Codes
Error Codes
Obtaining User, Account, User Group, Project, and Agency Information
Change History
User Guide (Ankara Region)
Service Overview
What Is IAM?
Basic Concepts
Functions
Personal Data Protection
Permissions
Notes and Constraints
Getting Started
Before You Start
Step 1: Create User Groups and Assign Permissions
Step 2: Create IAM Users and Log In
User Guide
Before You Start
IAM Users
Creating an IAM User
Assigning Permissions to an IAM User
Logging In as an IAM User
Viewing or Modifying IAM User Information
Deleting an IAM User
Changing the Login Password of an IAM User
Managing Access Keys for an IAM User
User Groups and Authorization
Creating a User Group and Assigning Permissions
Adding Users to or Removing Users from a User Group
Deleting User Groups
Viewing or Modifying User Group Information
Revoking Permissions of a User Group
Assigning Dependency Roles
Permissions Management
Basic Concepts
Roles
Policies
Policy Content
Policy Syntax
Authentication Process
Authorization Records
Custom Policies
Creating a Custom Policy
Modifying or Deleting a Custom Policy
Custom Policy Use Cases
Projects
Agencies
Account Delegation
Delegating Resource Access to Another Account
Creating an Agency (by a Delegating Party)
(Optional) Assigning Permissions to an IAM User (by a Delegated Party)
Switching Roles (by a Delegated Party)
Cloud Service Agency
Deleting or Modifying Agencies
Security Settings
Security Settings Overview
Basic Information
Critical Operation Protection
Login Authentication Policy
Password Policy
ACL
Identity Providers
Introduction
Identity Federation via SAML
Configuration of SAML-based Federated Identity Authentication
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure a Federated Login Entry in the Enterprise IdP
Identity Federation Via OpenID Connect
Configuration of OpenID Connect–based Federated Identity Authentication
Step 1: Create an IdP Entity
Step 2: Configure Identity Conversion Rules
(Optional) Step 3: Configure a Federated Login Entry in the Enterprise IdP
Syntax of Identity Conversion Rules
Cloud Alliance Attributes
MFA Authentication and Virtual MFA Device
MFA Authentication
Virtual MFA Device
Quotas
FAQs
IAM User Management
Why Does IAM User Login Fail?
How Do I Control IAM User Access to the Console?
Security Settings
How Do I Enable Login Verification?
How Do I Disable Login Verification?
How Do I Change the Verification Method for Performing Critical Operations?
How Do I Disable Operation Protection?
How Do I Bind a Virtual MFA Device?
How Do I Obtain a Virtual MFA Verification Code?
How Do I Unbind or Remove a Virtual MFA Device?
Why Does MFA Authentication Fail?
Why Am I Not Getting the Verification Code?
Passwords and Credentials
What Should I Do If I Forgot My Password?
What Are Temporary Security Credentials (AK/SK and Security Token)?
How Do I Obtain a Token with Security Administrator Permissions?
Agency Management
How Can I Obtain Permissions to Create an Agency?
Others
Why Is the Field-Level Help Always Displayed?
How Do I Disable Autofill Password on Google Chrome?
Change History
API Reference (Ankara Region)
Before You Start
Overview
API Calling
Endpoints
Constraints
Concepts
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
Token Management
Obtaining a User Token
Project Management
Querying Project Information Based on the Specified Criteria
Permissions Policies and Supported Actions
Introduction
Appendix
Status Codes
Error Codes
Obtaining User, Account, User Group, Project, and Agency Information
Change History
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions