Help Center > > User Guide> Agencies> Account Delegation> Creating an Agency (by a Delegating Party)

Creating an Agency (by a Delegating Party)

Updated at: Jan 10, 2022 GMT+08:00

By creating an agency, you can share your resources with another account, or delegate an individual or team to manage your resources. You do not need to share your security credentials (the password and access keys) with the delegated party. Instead, the delegated party can log in with its own account credentials and then switches the role to your account and manage your resources.


Before creating an agency, complete the following operations:


  1. Log in to the IAM console.
  2. On the IAM console, choose Agencies from the navigation pane, and click +Create Agency in the upper right corner.

    Figure 1 Creating an agency

  3. Enter an agency name.

    Figure 2 Setting the agency name

  4. Specify the agency type as Account, and enter the name of an account.

    • Account: Share resources with another account or delegate an individual or team to manage your resources. You can specify the delegated account only as another account, and you cannot specify it as a federated user or IAM user.
    • Cloud service: Delegate a specific service to access other services. For more information, see Cloud Service Delegation.

  5. Set the validity period and enter a description for the agency.
  6. Click Next.
  7. Select the permissions to be assigned to the agency, click Next, and specify the authorization scope.

    • Assigning permissions to an agency is similar to assigning permissions to a user group. The two operations differ only in the number of available permissions. For details about how to assign permissions to a user group, see Assigning Permissions to a User Group.
    • Agencies cannot be assigned the Security Administrator role. For account security, grant only the permissions required to agencies according to your business requirements.

  8. Click OK.

    After creating an agency, provide your account name, agency name, agency ID, and agency permissions to the delegated party. The delegated party can then switch the role to your account and manage specific resources.

Related Operations

  • Modifying an agency

    To modify the permissions, validity period, and description of an agency, click Modify in the row containing the agency.

    Figure 3 Modifying an agency
  • Deleting an agency

    To delete an agency, click Delete in the row containing the agency and click Yes.

    Figure 4 Deleting an agency

    After you delete an agency, all permissions granted to the delegated account will be cancelled.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel