Creating an IAM User and Logging In
Scenarios
The account created in the previous section can be used to create an IAM user and add the IAM user to the developer user group. The IAM user has their own username and password. They can log in to Huawei Cloud and use resources based on assigned permissions.
Procedure
Step | Description |
---|---|
Step 1: Create an IAM User | Create an IAM user and add it to the user group to obtain permissions. |
Step 2: Log In to the Console as an IAM User | Log in to the management console as an IAM user and use resources within the permissions scope. |
Step 1: Create an IAM User
- Choose Users from the navigation pane, and click Create User.
Set mandatory IAM user parameters by referring to the following table. Retain the default settings for other parameters.
- Specify the user details and access type.
- Enter a username.
Figure 1 Setting user details
IAM users can log in to Huawei Cloud using their usernames, email addresses, or mobile numbers.
Table 1 User details

Parameter | Example | Description |
---|---|---|
Username | Alice | (Mandatory) Username used by an IAM user to log in to Huawei Cloud. Use only letters, digits, spaces, hyphens (-), underscores (_), and periods (.). Do not start with a digit or space. |
Email Address | Skip | Email address of the IAM user that can be used as a login credential. IAM users can bind an email address after they are created. This parameter is mandatory if you select Set by user for Credential Type. |
Mobile Number | Skip | (Optional) Mobile phone number of the IAM user that can be used as a login credential. IAM users can bind a mobile number after they are created. |
- Specify the access type.
Figure 2 Specifying the access type
Table 2 Access types

Access Type | Example | Description |
---|---|---|
Programmatic access | Select it. | This type allows access to cloud services using development tools, such as APIs, CLI, and SDKs, and requires an access key or password. |
Management console access | Select it. | This type allows access to cloud services by using the management console and requires a password. If you select this parameter, Password must be selected for Credential Type. |
- Configure the credential type.
Figure 3 Credential types
Table 3 Credential types

Credential Type | Example | Description |
---|---|---|
Access key | Select it. | An access key comprises an AK and SK, and is used as a long-term identity credential to sign your requests for Huawei Cloud APIs. After users are created, you can download the access keys (AK/SK) generated for these users. |
Password: Set now | - | You need to set a password for the user and determine whether to require the user to reset the password at first login. If you will use the IAM user yourself, you are advised to select this option, set a password, and deselect Require password reset at first login. |
Password: Automatically generated | - | The system automatically generates a login password for the user. After the user is created, download the Excel password file and provide the password to the user. The user can then use this password for login. The password file must be downloaded when the user is created. If you cancel the download, the password file cannot be obtained again. You can change the password of an IAM user by referring to Changing the Password of an IAM User. This option is available only when you create a single user. |
Password: Set by user | Select it. | A one-time login URL will be emailed to the user. The user can click the link to log in to the console and set a password. If you will not use the IAM user yourself, select this option and enter the email address and mobile number of the IAM user. The user can then set a password by clicking the one-time login URL sent over email. The login URL is valid for seven days. |
USB Key | Deselect it. | A USB key is a device that stores user credentials. You can use a USB key, rather than a password, to verify your identity. This option is more secure, as there is no password to be leaked. Once selected, the USB key is the only way for the IAM user to log in. The password will be invalidated and can no longer be used. |
- Enable or disable login protection. This function is available only when Access Type is Management console access. In this example, select Enable.
- Login protection enabled: IAM users need to enter verification codes in addition to their usernames and passwords during console login. For the best possible security, this two-factor identity authentication is recommended.
- Login protection disabled: If you need to enable it after user creation, see Modifying IAM User Information.
Figure 5 Login protection disabled
- Enable or disable API login protection. This function is available only when login protection is enabled and the verification mode is set to virtual MFA.
- API login protection enabled: Both a password and a virtual MFA device are required to obtain an IAM user token. To obtain an IAM user token using both a password and a virtual MFA device, see Obtaining a User Token Through Password and Virtual MFA Authentication.
- API login protection disabled: You can enable API login protection after user creation. Locate the target user, and click Security Settings in the Operation column. In the displayed tab, click the icon next to Verification Method of the Login Protection function, enable this function, and select Virtual MFA device.
- Click Next and add the user to the developer user group.
Figure 6 Adding the user to the user group
- Click Create. The created IAM user is displayed in the user list.
- In the displayed Download Password dialog box, click OK to download the initial password of the IAM user. Then, provide the account name, IAM username, and the IAM user's initial password to the corresponding employees.
Figure 7 Downloading the password
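The parameter dependencies stated in Step 1 can be checked before a user is created, for example when users are provisioned from a reviewed plan. The following is an added example, not Huawei Cloud code: the dictionary schema, field names, and finding codes are hypothetical, and "letters" in the username rule is assumed to mean ASCII letters.

```python
import re

# Table 1 rule: letters, digits, spaces, hyphens, underscores, periods;
# no leading digit or space. Assumption: "letters" means ASCII letters.
USERNAME_RE = re.compile(r"[A-Za-z_.-][A-Za-z0-9 _.-]*")

def check_user_spec(spec, batch_size=1):
    """Return finding codes for one planned IAM user (hypothetical schema)."""
    access = set(spec.get("access_types", ()))    # "programmatic", "console"
    creds = set(spec.get("credentials", ()))      # "access_key", "password", "usb_key"
    mode = spec.get("password_mode")              # "set_now", "auto", "set_by_user"
    login_prot = spec.get("login_protection", False)
    findings = []
    if not USERNAME_RE.fullmatch(spec.get("username", "")):
        findings.append("USERNAME_INVALID")
    # Table 2: console access requires the Password credential type.
    if "console" in access and "password" not in creds:
        findings.append("CONSOLE_NEEDS_PASSWORD")
    # Table 1: email is mandatory when the password is set by the user.
    if mode == "set_by_user" and not spec.get("email"):
        findings.append("SET_BY_USER_NEEDS_EMAIL")
    # Table 3: an automatically generated password is for single-user creation only.
    if mode == "auto" and batch_size > 1:
        findings.append("AUTO_PASSWORD_SINGLE_USER_ONLY")
    # Login protection exists only for console access and is recommended there.
    if login_prot and "console" not in access:
        findings.append("LOGIN_PROTECTION_NEEDS_CONSOLE")
    if "console" in access and not login_prot:
        findings.append("LOGIN_PROTECTION_RECOMMENDED")
    # API login protection needs login protection with virtual MFA verification.
    if spec.get("api_login_protection") and not (
            login_prot and spec.get("verification") == "virtual_mfa"):
        findings.append("API_PROTECTION_NEEDS_VIRTUAL_MFA")
    return findings

# Constructed sample specs (not taken from a real account).
GOOD = {"username": "Alice", "access_types": ["programmatic", "console"],
        "credentials": ["access_key", "password"], "password_mode": "set_by_user",
        "email": "alice@example.com", "login_protection": True,
        "verification": "virtual_mfa", "api_login_protection": True}
BAD = {"username": "9bob", "access_types": ["console"],
       "credentials": ["access_key"], "password_mode": "set_by_user",
       "login_protection": False, "api_login_protection": True}

if __name__ == "__main__":
    for spec in (GOOD, BAD):
        print(spec["username"], check_user_spec(spec))
```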
Step 2: Log In to the Console as an IAM User
After an IAM user is created, employees can log in to Huawei Cloud as the IAM user. If an IAM user fails to log in, they can contact the administrator to reset their password.
- Click IAM User on the login page, and then enter your Tenant name or Huawei Cloud account name, IAM username or email address, and IAM user password.
Figure 8 Logging in as an IAM user
Table 4 Login parameters

Parameter | Example | Description |
---|---|---|
Tenant name or Huawei Cloud account name | Company-A | Account used to create the IAM user, for example, Company-A. |
IAM username or email address | Alice | IAM username or email address entered during the user creation. You can obtain the IAM username and IAM user's initial password from the administrator. |
IAM user password | ******** | Password of the IAM user, rather than the account. Enter the downloaded password. |
- Click Log In to log in to Huawei Cloud as IAM user Alice.
- Verify the permissions of IAM user Alice.
- Switch to CN-Hong Kong.
- Choose Elastic Cloud Server from the service list to go to the ECS console. If the IAM user can perform all operations such as creating and managing ECSs, the ECS FullAccess permissions have been configured successfully.
- Choose Object Storage Service from the service list. If the IAM user can view the bucket list and query bucket locations on the OBS console but cannot create OBS buckets, the OBS OperateAccess permissions have been configured successfully.
- If the IAM user chooses any service other than ECS and OBS, and the system displays a message indicating insufficient permissions, the permissions have been configured successfully.
- Switch to a region other than CN-Hong Kong. If the IAM user can only access the OBS homepage (cannot access ECS and other services), the permissions have been successfully assigned to the region-specific project.