Creating Users and Permission Sets
Creating Users
After IAM Identity Center is enabled, you need to create Identity Center users.
- Log in to the Huawei Cloud console.
- Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
- In the navigation pane, choose Users.
- Click Create User in the upper right corner of the page.
Figure 1 Creating users
- Configure basic information about the user. After the configuration is complete, click Next in the lower right corner of the page.
The user details are mandatory. The contact methods, job-related information, and address are optional and can be set as needed.
Figure 2 Configuring basic information
Table 1 User details
| Parameter | Description |
| --- | --- |
| Username | IAM Identity Center username. The value is user-defined and must be unique. |
| Password | Select a password generation method: (1) Send an email to this user with password setup instructions: The system will send a password reset instruction email to the user. The user can set a password as instructed. (2) Generate a one-time password that you can share with this user: An automatically generated one-time password will be displayed on the page indicating that the user is created. The administrator copies the information and sends it to the user. When the user uses the one-time password to log in through the user portal URL, the system prompts the user to change the password. The user can only log in to the console using the new password. CAUTION: If the page is closed, the one-time password generated by the system will not be displayed again. To obtain the password again, you need to reset the password. |
| Email Address | Email address of a user. The value is user-defined and must be unique. It can be used to authenticate the user and reset the password. |
| Confirm Email Address | Enter the email address again for confirmation. The email address and confirm email address must be the same. |
| Family Name | Family name of the user. |
| Given Name | Given name of the user. |
| Display Name | Display name of an IAM Identity Center user. The value is user-defined and can be the same as the display name of another IAM Identity Center user. Generally, the value is the real name of the user. |
- (Optional) In the (Optional) Add User to Groups step, select groups. The user will have the permissions assigned to the group. Click Next.
Figure 3 (Optional) Adding a user to groups
- In the Confirm step, confirm the configuration and click OK in the lower right corner of the page. The IAM Identity Center user is created and displayed in the user list.
  - If Send an email to this user with password setup instructions is selected for Password in step 5, the user list will be displayed, showing the newly created IAM Identity Center user.
  - If Generate a one-time password that you can share with this user is selected for Password in step 5, a page that contains detailed information about the one-time password will be displayed. You can copy the information and send it to the user. The user can use the username and one-time password to log in through the user portal URL.
Figure 4 Confirming user creation
Creating a Permission Set
A permission set defines a collection of one or more IAM policies and controls the permissions of IAM Identity Center users to access resources. Creating permission sets is mandatory. For an IAM Identity Center user to log in to the management console and access resources of multiple accounts, you must associate the user with permission sets. Otherwise, the user cannot access any resources after login.
- Log in to the Huawei Cloud console.
- Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
- In the navigation pane, choose Multi-Account Permissions > Permission Sets.
- Click Create Permission Set in the upper right corner of the page.
Figure 5 Creating a permission set
- In the Set Permission Set Details step, configure details about the permission set and click Next.
Figure 6 Setting permission set details
Table 2 Permission set details
| Parameter | Description |
| --- | --- |
| Name | Name of a permission set. The value is user-defined and must be unique. |
| Session Duration | The length of time a user can be logged in to the console. When the login time exceeds the configured session duration, the user is automatically logged out. To continue the access, the user needs to log in again. |
| Initial Access Page | Initial page that a user accesses after logging in to the console using the user portal URL. For example, if you enter the IAM console URL, users will access the IAM console after login. |
| Description | Description of a permission set. |
- In the Set Policy step, configure system-defined policies, custom identity policies, and custom policies for the permission set and click Next.
If you enable Identity Policy, only system-defined policies and custom identity policies are displayed.
  - System-defined policies: You can select system-defined policies preconfigured in IAM Identity Center, including policies and identity policies.
  - Custom identity policies: You can create custom identity policies in visual editor or JSON view to supplement system-defined identity policies.
  - Custom policies: You can create custom policies only in JSON view to supplement system-defined policies.
Figure 7 Setting policies
- In the Confirm step, confirm the configuration and click OK in the lower right corner.
Figure 8 Confirming configurations
By default, newly created permission sets are not attached to any accounts. Their status will change to Attached after you attach them to accounts.