Updated on 2024-02-19 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

  • Identity credential and its security

    MPC can be accessed using accounts or IAM users. Both of them support identity authentication using usernames, passwords, access keys, and temporary access keys. As shown in Table 1, MPC implements security design for each identity credential to protect user data and enable users to access MPC more securely.

    Table 1 MPC identity credential and security design

    | Access Credential | Security Description | Details |
    |---|---|---|
    | Username and password | You can configure the character type and minimum length of a user key. You can also configure the password validity period policy and minimum password validity period policy. | Password Policy |
    | Access key | AK is used together with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct. | Access Keys |
    | Temporary access key | In addition to the access key feature, a temporary access key has a validity period that can be customized. After the validity period expires, the temporary access key becomes invalid and you have to obtain a new one. | Temporary Access Key |

  • Login protection and authentication policies

    As shown in Table 2, in addition to requiring users to show their credentials and verify their validity, MPC also provides a login protection mechanism and supports login authentication policies to prevent user information from being stolen.

    Table 2 Login protection and authentication policies

    | Login Protection Method | Description | Details |
    |---|---|---|
    | Login protection | In addition to entering the username and password on the login page (first identity authentication), you also need to enter a verification code on the login verification page (second identity authentication) when logging in to Huawei Cloud. Check whether mobile numbers, email addresses, and virtual MFA devices are supported. For details, see MFA Authentication. | Login Protection |
    | Login authentication policy | MPC supports the session timeout policy (if a user does not log in to the system within a specified period, the user needs to log in again), the account locking policy (if the number of login failures exceeds the threshold, the account is locked), the account disabling policy (if a user does not log in to the system for a long time, the account is disabled), and recent login information that allows users to view the last login time. | Login Authentication Policy |

Access Control

MPC supports access control through IAM fine-grained authorization policies.

Table 3 MPC access control

| Method | Description | Details |
|---|---|---|
| IAM-based MPC permission control | IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by MPC to the user group. Then, all users in this group automatically inherit the granted permissions. | MPC Permissions Management |