Identity Authentication and Access Control
Identity Authentication
- Identity credential and its security
MPC can be accessed using accounts or IAM users. Both of them support identity authentication using usernames, passwords, access keys, and temporary access keys. As shown in Table 1, MPC implements security design for each identity credential to protect user data and enable users to access MPC more securely.
Table 1 MPC identity credential and security design Access Credential
Security Description
Details
Username and password
You can configure the character type and minimum length of a user key. You can also configure the password validity period policy and minimum password validity period policy.
Access key
AK is used together with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.
Temporary access key
In addition to the access key feature, a temporary access key has a validity period that can be customized. After the validity period expires, the temporary access key becomes invalid and you have to obtain a new one.
- Login protection and authentication policies
As shown in Table 2, in addition to requiring users to show their credentials and verify their validity, MPC also provides a login protection mechanism and supports login authentication policies to prevent user information from being stolen.
Table 2 Login protection and authentication policies Login Protection Method
Description
Details
Login protection
In addition to entering the username and password on the login page (first identity authentication), you also need to enter a verification code on the login verification page (second identity authentication) when logging in to Huawei Cloud.
Check whether mobile numbers, email addresses, and virtual MFA devices are supported. For details, see MFA Authentication.
Login authentication policy
MPC supports the session timeout policy (If a user does not log in to the system within a specified period, the user needs to log in again), account locking policy (If the number of login failures exceeds the threshold, the account is locked), account disabling policy (If a user does not log in to the system for a long time, the account is disabled), and recent login information that allows users to view the last login time.
Access Control
MPC supports access control through IAM fine-grained authorization policies.
Method |
Description |
Details |
---|---|---|
IAM-based MPC permission control |
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by MPC to the user group. Then, all users in this group automatically inherit the granted permissions. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot