Help Center/ Identity and Access Management/ What's New

What's New

Updated on 2023/12/05 GMT+08:00

The tables below describe the functions released in each Identity and Access Management version and corresponding documentation updates. New features will be successively launched in each region.

August 2023

No.	Feature	Description	Phase	Document
1	Custom setting of account lockout duration after five consecutive login failures	After an IAM user fails to log in for five consecutive times, the account lockout duration that can be customized by the administrator is expanded from 30 minutes to 24 hours.	Commercial use	Login Authentication Policy

July 2023

No.	Feature	Description	Phase	Document
1	Optimization of the federated login error message	The federated login error message is optimized to help self-service troubleshooting.	Commercial use	Identity Providers
2	Custom port setting for OpenID Connect identity providers	Port setting can be customed for OpenID Connect identity providers.	Commercial use	Create an IdP Entity

November 2022

No.	Feature	Description	Phase	Document
1	Security features	IAM can secure personal data and access control.	Commercial use	Security

May 2022

No.	Feature	Description	Phase	Document
1	Batch operations supported	You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.	Commercial use	Batch Modifying IAM User Information Batch Deleting IAM Users Batch Deleting User Groups Batch Revoking Permissions of a User Group

No.

Feature

Description

Phase

Document

Batch operations supported

You can perform batch operations on the console, including batch modifying IAM user information, batch deleting IAM users, user groups, or agencies, and batch revoking permissions of a user group.

Commercial use

Batch Modifying IAM User Information

Batch Deleting IAM Users

Batch Deleting User Groups

Batch Revoking Permissions of a User Group

March 2022

No.	Feature	Description	Phase	Document
1	IAM user SSO available in identity provider creation	When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO. Virtual user SSO: After a federated user logs in to Huawei Cloud, the system automatically creates a virtual user for the federated user. An account can have multiple identity providers of the virtual user SSO type. IAM user SSO: After a federated user logs in to Huawei Cloud, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.	Commercial use	Create an IdP Entity

No.

Feature

Description

Phase

Document

IAM user SSO available in identity provider creation

When creating an identity provider compatible with Security Assertion Markup Language (SAML), the administrator can select virtual user SSO or IAM user SSO.

Virtual user SSO: After a federated user logs in to Huawei Cloud, the system automatically creates a virtual user for the federated user. An account can have multiple identity providers of the virtual user SSO type.
IAM user SSO: After a federated user logs in to Huawei Cloud, the system maps the user to an IAM user based on the configured identity conversion rules. Only one identity provider of the IAM user SSO type can be created under an account.

Commercial use

Create an IdP Entity

January 2022

No.	Feature	Description	Phase	Document
1	Agency authorization by enterprise project	You can flexibly grant permissions for using specified enterprise projects to other accounts.	Commercial use	Creating an Agency

December 2021

No.	Feature	Description	Phase	Document
1	Recommending authorization scope based on permissions	An authorization scope is recommended based on selected permissions to comply with the principle of least privilege.	Commercial use	Assigning Permissions to a User Group
2	Creation of custom policies during authorization	You can create custom policies during authorization.	Commercial use	Creating a Custom Policy
3	Authorization by enterprise project	You can assign permissions to enterprise projects' users and user groups on the IAM console without going to the Enterprise Center.	Commercial use	Assigning Permissions to a User Group

November 2021

No.	Feature	Description	Phase	Document
1	Limit on the number of mapping rules for identity providers	You can query and modify the total quota of mapping rules for all identity providers in your account.	Commercial use	Notes and Constraints

September 2021

No.	Feature	Description	Phase	Document
1	Information self-management	If information self-management is enabled, all IAM users can manage their own Basic Information (login password, mobile number, and email address). If information self-management is disabled, only administrators can manage their own basic information.	Commercial use	Information Self-Management
2	Upgraded permissions management function	You can view permissions assigned to specific users, user groups, or agencies. All authorization records under your account are displayed on the Permissions > Assignment page. You can view authorization records by IAM or enterprise projects.	Commercial use	Viewing Authorization Records

April 2021

No.	Feature	Description	Phase	Document
1	Federated user login	After the administrator of your enterprise creates an identity provider and configures identity conversion rules on HUAWEI CLOUD, federated users can log in to HUAWEI CLOUD using their account names and passwords for the enterprise identity system. Then these users can use cloud services based on assigned permissions.	Commercial use	Logging In as a Federated User

March 2021

No.	Feature	Description	Phase	Document
1	Display of access type, MFA device binding status, password age, and access key status in the user list	The administrator can tailor the display items of the user list. The available items include description, last login time, creation time, access type, MFA device binding status, password age, and access key status.	Commercial use	Viewing or Modifying IAM User Information
2	HUAWEI CLOUD login with a HUAWEI ID	A HUAWEI ID is a unified identity that you can use to visit all websites of Huawei. Now you can use your HUAWEI ID to log in to the HUAWEI CLOUD management console.	Commercial use	Logging In to HUAWEI CLOUD

February 2021

No.	Feature	Description	Phase	Document
1	Customization of agency validity period	The administrator can customize the validity period when creating or modifying an agency. An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).	Commercial use	Creating an Agency

No.

Feature

Description

Phase

Document

Customization of agency validity period

The administrator can customize the validity period when creating or modifying an agency.

An agency can be of unlimited validity or be valid for 1 day or a specific number of days (1 to 365).

Commercial use

Creating an Agency

January 2021

No.	Feature	Description	Phase	Document
1	Access key management	If you enable access key management, only the IAM users who have been granted the required permissions can manage (create, enable, disable, and delete) their own access keys. If you disable this option, all IAM users can manage access keys.	Commercial use	Access Key Management

December 2020

No.	Feature	Description	Phase	Document
1	Changing the access type of IAM users	The administrator can change the access type of an IAM user on the Basic Information page. The following access types are supported: Programmatic access Management console access Programmatic access and management console access	Commercial use	Modifying Basic Information

No.

Feature

Description

Phase

Document

Changing the access type of IAM users

The administrator can change the access type of an IAM user on the Basic Information page.

The following access types are supported:

Programmatic access
Management console access
Programmatic access and management console access

Commercial use

Modifying Basic Information

November 2020

No.	Feature	Description	Phase	Document
1	OpenID Connect–based federated identity authentication	You can configure OpenID Connect–based identity authentication to federate users to HUAWEI CLOUD. To do this, create OAuth 2.0 credentials in your enterprise IdP, create an OpenID Connect identity provider in HUAWEI CLOUD, configure authorization information and identity conversion rules, and add the login link of HUAWEI CLOUD to your enterprise IdP. In this way, users in your enterprise can log in to HUAWEI CLOUD through single sign-on (SSO).	Commercial use	OpenID Connect–based Federated Identity Authentication
2	New edition of the Account Security Settings page now available	The Security Settings menu in the navigation pane is now named Account Security Settings. The administrator can configure login authentication and password policies, ACL, and operation protection to keep user information and system secure.	Commercial use	Account Security Settings

March 2020

No.	Feature	Description	Phase	Document
1	Policy-based access control	You can grant users required permissions using system-defined and custom policies.	Commercial use	Policies

January 2020

No.	Feature	Description	Phase	Document
1	New edition of user group and agency authorization pages	The Policies menu in the navigation pane is now named Permissions. "RBAC policy" and "fine-grained policy" are now called "system-defined role" and "system-defined policy". Together, system-defined roles, system-defined policies, and custom policies are called "permissions". A system-define policy with read-only permissions for IAM is now available. You can now grant users permissions using multiple policies or roles or assign permissions for multiple projects at a time.	Commercial use	Basic Concepts Change to the System-Defined Policy Names Creating a User Group and Assigning Permissions

No.

Feature

Description

Phase

Document

New edition of user group and agency authorization pages

The Policies menu in the navigation pane is now named Permissions.
"RBAC policy" and "fine-grained policy" are now called "system-defined role" and "system-defined policy". Together, system-defined roles, system-defined policies, and custom policies are called "permissions".
A system-define policy with read-only permissions for IAM is now available.
You can now grant users permissions using multiple policies or roles or assign permissions for multiple projects at a time.

Commercial use

Basic Concepts

Change to the System-Defined Policy Names

Creating a User Group and Assigning Permissions

November 2019

No.	Feature	Description	Phase	Document
1	Higher custom policy quota	You can create up to 200 custom policies.	Commercial use	Notes and Constraints

September 2019

No.	Feature	Description	Phase	Document
1	Visualized custom policy creation	You can create custom policies using the visual editor or in JSON view. With the visual editor, you can easily create a custom policy by specifying the cloud service, actions, resources, and request conditions. You do not need to have knowledge of JSON syntax.	Commercial use	Creating a Custom Policy

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot