forked from docs/doc-exports
Reviewed-by: Kabai, Zoltán Gábor <zoltan-gabor.kabai@t-systems.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
30 lines
3.1 KiB
HTML
<a name="iam_01_0023"></a><a name="iam_01_0023"></a>
<h1 class="topictitle1">Identity Management</h1>
<div id="body1503913294037"><p id="iam_01_0023__p427028131810">You can manage users in your account and their security credentials. In addition, you can configure identity federation so that users in other systems can access the cloud platform through SSO.</p>
<div class="section" id="iam_01_0023__section1475194083513"><h4 class="sectiontitle">Domain</h4><p id="iam_01_0023__p26559307143857">A domain, also called an "account", is created upon successful registration with the cloud platform. The domain has full access permissions for its cloud services and resources.</p>
<p id="iam_01_0023__p1214512437357">For security purposes, create a security administrator and grant them <strong id="iam_01_0023__b842352706194711">Security Administrator</strong> permissions to manage users and their permissions in your account.</p>
<div class="fignone" id="iam_01_0023__fig10960172283211"><span class="figcap"><b>Figure 1 </b>Account management model</span><br><span><img id="iam_01_0023__image131616505186" src="en-us_image_0274187193.png"></span></div>
</div>
<div class="section" id="iam_01_0023__section201417411614"><h4 class="sectiontitle">User</h4><p id="iam_01_0023__p49102262144454">You or other administrators can create users for employees, systems, or applications in IAM. The users can log in to the console or access APIs using their own identity credentials (passwords and access keys).</p>
<div class="fignone" id="iam_01_0023__fig133971733114"><span class="figcap"><b>Figure 2 </b>Relationship between an account and users</span><br><span><img id="iam_01_0023__image683623184719" src="en-us_image_0274186863.png" width="222.44250000000002" height="332.1675" title="Click to enlarge" class="imgResize"></span></div>
</div>
<div class="section" id="iam_01_0023__section126697618197"><h4 class="sectiontitle">Federated User</h4><p id="iam_01_0023__p9511624145917">Federated users access the cloud platform through identity federation.</p>
<p id="iam_01_0023__p19985118212">After being authenticated by an identity provider (IdP), users can access resources in a service provider (SP) without needing re-authentication.</p>
<ul id="iam_01_0023__ul9164111515234"><li id="iam_01_0023__li145791855173215">IdP: a system that authenticates user identities. In identity federation, the identity authentication system of an enterprise, for example, the enterprise management system, is the IdP.</li><li id="iam_01_0023__li51641915122311">Service provider: a system that provides services.</li></ul>
<p id="iam_01_0023__p1490116170159">Identity federation allows users in an IdP to access the cloud platform by using the users' security credentials in the IdP. IAM does not need to generate new security credentials for the users. In this way, SSO is implemented.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="iam_01_0021.html">Service Overview</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>