IAM is a security management service for enterprises. It provides authentication, access control, rights allocation, and access policy management functions for enterprise members.
IAM provides the following functions:
- User identity management: IAM supports self-service registration, user password management, and API access key management, and provides functions to add, delete, modify, and query sub-users.
- Role-based rights control: Classify user groups by user responsibilities and define different user roles. This helps users obtain access rights based on their responsibilities.
- Cross-tenant access: Tenants can entrust their operations to third parties or cloud services through the delegation and trust mechanism.
- Identity provider: Tenants who have an identity authentication system in their own private data center can complete identity authentication locally and then log in to the public cloud using single sign-on through the identity provider. Tenants do not need to set a user account and password on the public cloud. As a result, their information is not synchronized to the cloud platform, which avoids information leaks and management problems.