Help Center/ OneAccess/ Best Practices/ Authorizing IAM Users to Access a OneAccess Instance Administrator Portal
Updated on 2024-12-30 GMT+08:00
View PDF
Share

Authorizing IAM Users to Access a OneAccess Instance Administrator Portal

Identity and Access Management (IAM) provides permissions management for secure access to your Huawei Cloud services and resources. IAM is free of charge.

You can use your account to create IAM users and assign permissions for specific resources. Each IAM user has their own identity credentials (password and access keys) and uses cloud resources based on assigned permissions.

To log in to Huawei Cloud from OneAccess through SSO, see Logging In to Single Huawei Cloud Account via OneAccess Without Password (SAML - Virtual User SSO).

IAM users can access OneAccess instances through Huawei Cloud. This helps the enterprise administrator to securely control access to OneAccess resources.

This section describes how to authorize IAM users to access a OneAccess instance administrator portal.

Configuration Process

Prerequisites

You have a Huawei Cloud account and have bought a OneAccess instance. For details about how to purchase such an instance, see Buying an Instance.

Authorizing IAM Users to View OneAccess

Create a user group on the IAM console, assign required permissions to the user group, create users, and add them to the user group. The users are thus authorized with the permissions of the user group.

  1. Create a user group on the IAM console and assign the OneAccess ReadOnlyAccess permission to the group. For details, see Creating a User Group and Assigning Permissions.
  2. Create a user on the IAM console and add the user to the group created in 1. For details, see Creating an IAM User.
  3. Log in to the console and verify the read-only permission by referring to Logging In as an IAM User.

Authorizing IAM Users to Access OneAccess

Authorize IAM users to access OneAccess in the OneAccess console.

  1. Log in to the OneAccess console as an administrator.
  1. Click Manage Authorization.
  2. Click Add User, select the user created in 2, and click OK to authorize the IAM user to access OneAccess.

    You can authorize a maximum of 50 IAM users to access OneAccess.

  3. Go to the administrator portal, and view the system administrator that is automatically generated.

Accessing OneAccess as an Authorized IAM User

Authorized IAM users can access the OneAccess administrator portal through Huawei Cloud.

  1. Log in to Huawei Cloud as an IAM user. For details, see Logging In as an IAM User. If you want to log in by scanning a QR code, refer to Scanning QR Code to Log in.
  2. Choose Service List > Management & Governance > OneAccess.
  3. Click the instance name to go to the administrator portal.

    • By default, IAM users do not have permissions for the Administrator Permissions page. For details about other operations, see Enterprise Administrator Guide.
    • To grant the IAM user all permissions for OneAccess, select the OneAccess FullAccess policy. For details, see 1.