Help Center> Identity and Access Management> What's New

What's New

Updated on 2023/12/05 GMT+08:00

The tables below describe the functions released in each Identity and Access Management version and corresponding documentation updates. New features will be successively launched in each region.

August, 2023

No.

Feature

Description

Phase

Related Documents

1

Custom setting of account lockout duration after five consecutive login failures

After an IAM user fails to log in for five consecutive times, the account lockout duration that can be customized by the administrator is expanded from 30 minutes to 24 hours.

Commercial use

Login Authentication Policy

July, 2023

No.

Feature

Description

Phase

Related Documents

1

Optimization of the federated login error message

The federated login error message is optimized to help self-service troubleshooting.

Commercial use

Identity Providers

2

Custom port setting for OpenID Connect identity providers

Port setting can be customed for OpenID Connect identity providers.

Commercial use

Create an IdP Entity

November, 2022

No.

Feature

Description

Phase

Related Documents

1

Security features

IAM can secure personal data and access control.

Commercial use

Security

May, 2022

No.

Feature

Description

Phase

Related Documents

1

Batch operations supported

You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.

Commercial use

Batch Modifying IAM User Information

Batch Deleting IAM Users

Batch Deleting User Groups

Batch Revoking Permissions of a User Group

March, 2022

No.

Feature

Description

Phase

Related Documents

1

IAM user SSO available in identity provider creation

When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO.

  • Virtual user SSO: After a federated user logs in to Huawei Cloud, the system automatically creates a virtual user for the federated user. An account can have multiple identity providers of the virtual user SSO type.
  • IAM user SSO: After a federated user logs in to Huawei Cloud, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.

Commercial use

Create an IdP Entity

January, 2022

No.

Feature

Description

Phase

Related Documents

1

Agency authorization by enterprise project

You can flexibly grant permissions for using specified enterprise projects to other accounts.

Commercial use

Creating an Agency

December, 2021

No.

Feature

Description

Phase

Related Documents

1

Recommending authorization scope based on permissions

An authorization scope is recommended based on selected permissions to comply with the principle of least privilege.

Commercial use

Assigning Permissions to a User Group

2

Creation of custom policies during authorization

You can create custom policies during authorization.

Commercial use

Creating a Custom Policy

3

Authorization by enterprise project

You can assign permissions to enterprise projects' users and user groups on the IAM console without going to the Enterprise Center.

Commercial use

Assigning Permissions to a User Group

November, 2021

No.

Feature

Description

Phase

Related Documents

1

Limit on the number of mapping rules for identity providers

You can query and modify the total quota of mapping rules for all identity providers in your account.

Commercial use

Notes and Constraints

September, 2021

No.

Feature

Description

Phase

Related Documents

1

Information self-management

  • If information self-management is enabled, all IAM users can manage their own Basic Information (login password, mobile number, and email address).

  • If information self-management is disabled, only administrators can manage their own basic information.

Commercial use

Information Self-Management

2

Upgraded permissions management function

  • You can view permissions assigned to specific users, user groups, or agencies.

  • All authorization records under your account are displayed on the Permissions > Assignment page.

  • You can view authorization records by IAM or enterprise projects.

Commercial use

Viewing Authorization Records

April, 2021

No.

Feature

Description

Phase

Related Documents

1

Federated user login

After the administrator of your enterprise creates an identity provider and configures identity conversion rules on HUAWEI CLOUD, federated users can log in to HUAWEI CLOUD using their account names and passwords for the enterprise identity system. Then these users can use cloud services based on assigned permissions.

Commercial use

Logging In as a Federated User

March, 2021

No.

Feature

Description

Phase

Related Documents

1

Display of access type, MFA device binding status, password age, and access key status in the user list

The administrator can tailor the display items of the user list. The available items include description, last login time, creation time, access type, MFA device binding status, password age, and access key status.

Commercial use

Viewing or Modifying IAM User Information

2

HUAWEI CLOUD login with a HUAWEI ID

A HUAWEI ID is a unified identity that you can use to visit all websites of Huawei. Now you can use your HUAWEI ID to log in to the HUAWEI CLOUD management console.

Commercial use

Logging In to HUAWEI CLOUD

February, 2021

No.

Feature

Description

Phase

Related Documents

1

Customization of agency validity period

The administrator can customize the validity period when creating or modifying an agency.

An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).

Commercial use

Creating an Agency

January, 2021

No.

Feature

Description

Phase

Related Documents

1

Access key management

  • If you enable access key management, only the IAM users who have been granted the required permissions can manage (create, enable, disable, and delete) their own access keys.

  • If you disable this option, all IAM users can manage access keys.

Commercial use

Access Key Management

December, 2020

No.

Feature

Description

Phase

Related Documents

1

Changing the access type of IAM users

The administrator can change the access type of an IAM user on the Basic Information page.

The following access types are supported:

  • Programmatic access

  • Management console access

  • Programmatic access and management console access

Commercial use

Modifying Basic Information

November, 2020

No.

Feature

Description

Phase

Related Documents

1

OpenID Connect–based federated identity authentication

You can configure OpenID Connect–based identity authentication to federate users to HUAWEI CLOUD. To do this, create OAuth 2.0 credentials in your enterprise IdP, create an OpenID Connect identity provider in HUAWEI CLOUD, configure authorization information and identity conversion rules, and add the login link of HUAWEI CLOUD to your enterprise IdP. In this way, users in your enterprise can log in to HUAWEI CLOUD through single sign-on (SSO).

Commercial use

OpenID Connect–based Federated Identity Authentication

2

New edition of the Account Security Settings page now available

  • The Security Settings menu in the navigation pane is now named Account Security Settings.

  • The administrator can configure login authentication and password policies, ACL, and operation protection to keep user information and system secure.

Commercial use

Account Security Settings

March, 2020

No.

Feature

Description

Phase

Related Documents

1

Policy-based access control

You can grant users required permissions using system-defined and custom policies.

Commercial use

Policies

January, 2020

No.

Feature

Description

Phase

Related Documents

1

New edition of user group and agency authorization pages

  • The Policies menu in the navigation pane is now named Permissions.

  • "RBAC policy" and "fine-grained policy" are now called "system-defined role" and "system-defined policy". Together, system-defined roles, system-defined policies, and custom policies are called "permissions".

  • A system-define policy with read-only permissions for IAM is now available.

  • You can now grant users permissions using multiple policies or roles or assign permissions for multiple projects at a time.

Commercial use

Basic Concepts

Change to the System-Defined Policy Names

Creating a User Group and Assigning Permissions

November, 2019

No.

Feature

Description

Phase

Related Documents

1

Higher custom policy quota

You can create up to 200 custom policies.

Commercial use

Notes and Constraints

September, 2019

No.

Feature

Description

Phase

Related Documents

1

Visualized custom policy creation

You can create custom policies using the visual editor or in JSON view. With the visual editor, you can easily create a custom policy by specifying the cloud service, actions, resources, and request conditions. You do not need to have knowledge of JSON syntax.

Commercial use

Creating a Custom Policy

Show allHide