Last updated：2021-10-29 17:57:41
Identity and Access Management (IAM) is a basic service provided by Kingsoft Cloud for managing user identities and resource access permissions. With IAM, you can manage access to Kingsoft Cloud services and resources in a secure and fine-grained manner.
IAM allows you to create and manage multiple IAM users under a Kingsoft Cloud account, and assign different resources and grant different operation permissions to one or more IAM users.
If multiple users in your enterprise need to collaboratively manage resources, IAM allows you to assign the minimum permissions to the users as required without sharing your Kingsoft Cloud account or password with them, thereby reducing the information security risks of your enterprise.
IAM allows you to grant different access permissions to different users for different resources. For example, you can grant the restart permission on a specific Kingsoft Cloud Elastic Compute (KEC) instance to only some of the IAM users.
You do not need to separately grant permissions to users. Instead, IAM allows you to create an IAM group, grant the corresponding permissions to the IAM group, and add users to the IAM group so that the users inherit the permissions of the IAM group. If the permissions of a user change, you can delete the user from the IAM group, or add the user to another IAM group to quickly grant the corresponding permissions to the user.
If you need to authorize other enterprises to access specified resources of your enterprise, you can create and assign IAM roles to the enterprises. Then, the enterprises can assume the IAM roles and access the specified resources.
IAM allows you to configure login verification policies, password policies, and sensitive operation verification policies for IAM users to improve the security of user information and system data.
If you have your own identity authentication system, you do not need to create a Kingsoft Cloud account. You can access Kingsoft Cloud through single sign-on (SSO) based on the identity provider (IdP) feature.
You can access IAM in one of the following ways:
You can access IAM through a browser-based graphical user interface, namely, the IAM console.
You can access IAM by calling the IAM API operations.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.