Help Center> Identity and Access Management> Getting Started> Step 2: Create IAM Users and Log In
Updated on 2022-02-22 GMT+08:00

Step 2: Create IAM Users and Log In

Use the account of company A to create IAM users for employees and add the users to the user groups created in the previous section. The IAM users have their own passwords to log in to HUAWEI CLOUD, and can use resources based on assigned permissions.

Creating IAM Users

  1. Choose Users from the navigation pane, and click Create User.
  2. Specify the user information and access type. To create more users, click Add User. A maximum of 10 users can be created at a time.

    Figure 1 Configuring user information
    • Users can log in to HUAWEI CLOUD using the username, email address, or mobile number.
    • If users forget their password, they can reset it through email address or mobile number verification. If no email address or mobile number has been bound to users, users need to request the administrator to reset their password.
    Table 1 User information

    Parameter

    Description

    Username

    Username that will be used to log in to HUAWEI CLOUD, for example, James and Alice. This field is required.

    Email Address

    Email address of the IAM user that can be used as a login credential. IAM users can bind an email address after they are created. This field is required if you have specified the access type as Set by user.

    Mobile Number

    Mobile phone number of the IAM user that can be used as a login credential. IAM users can bind a mobile number after their accounts are created. This field is optional.

    Description

    Additional information about the IAM user. This field is optional.

    Figure 2 Setting the access type
    • Programmatic access: Select this option to allow the user to access cloud services using development tools, such as APIs, CLI, and SDKs. You can generate an access key or set a password for the user.
    • Management console access: Select this option to allow the user to access cloud services using the management console. You can set or generate a password for the user or request the user to set a password at first login.
      • If the user accesses cloud services only by using the management console, specify the access type as Management console access and the credential type as Password.
      • If the user accesses cloud services only through programmatic calls, specify the access type as Programmatic access and the credential type as Access key.
      • If the user needs to use a password as the credential for programmatic access to certain APIs, specify the access type as Programmatic access and the credential type as Password.
      • If the user needs to perform access key verification when using certain services in the console, specify the access type as "Programmatic access + Management console access" and the credential type as "Access Key + Password". For example, the user needs to perform access key verification when creating a data migration job in the Cloud Data Migration (CDM) console.
      Table 2 Setting the credential type and login protection

      Credential Type and Login Protection

      Description

      Access key

      After you create the user, you can download the access key (AK/SK) generated for the user.

      Each user can have a maximum of two access keys.

      Password

      Set now

      Set a password for the user and determine whether to require the user to reset the password at first login.

      If you are the user, select this option and set a password for login. You do not need to select Require password reset at first login.

      Automatically generated

      The system automatically generates a login password for the user. After the user is created, you can download the EXCEL password file and provide the password to the user. The user can then use this password for login.

      This option is available only when you create a single user.

      Set by user

      A one-time login URL will be emailed to the user. The user can click on the link to log in to the console and set a password.

      If you are an administrator setting the password for the user, select this option and enter an email address and a mobile number. The user can then set a password by clicking on the one-time login URL sent over email. The login URL is valid for seven days.

      Login Protection

      Enable (Recommended)

      If login protection is enabled, the user will need to enter a verification code in addition to the username and password during login. Enable this function for account security.

      You can choose from SMS-, email-, and virtual MFA–based login verification.

      Disable

      To enable login protection for an IAM user after creation, see Modifying IAM User Information.

  3. (Optional) Click Next to add the users to specific user groups.

    • The users will inherit the permissions assigned to the user groups.
    • You can also create new groups as required.

    The default user group admin has the administrator permissions and the permissions required to use all cloud resources. For the mapping relationships between company A's employees and the user groups, see Figure 1.

  4. Click Create. If you have specified the access type as Programmatic access (see Table 2), you can download the access keys on the Finish page.

    Figure 3 Users created successfully

  5. Repeat steps 1 through 4 to create users Charlie, Jackson, and Emily, and add them to the corresponding groups.

IAM User Login

After using the account of company A to create users James, Alice, Charlie, Jackson, and Emily, provide the account name, IAM user names, and IAM users' initial passwords to corresponding employees. Employees can use their own usernames and passwords to access HUAWEI CLOUD. If IAM user login fails, employees can contact the administrator to reset their password.

  1. Click IAM User on the login page, and then enter your Tenant name or HUAWEI CLOUD account name, IAM user name or email address, and IAM user password.

    Figure 4 Logging in as an IAM user
    • Tenant name or HUAWEI CLOUD account name: the name of the account that was used to create the IAM user
    • IAM user name or email address: the username (for example, James) or email address of the IAM user You can obtain the username and password from the administrator.
    • IAM user password: the password of the IAM user (not the password of the account)

  2. Click Log In.