IAM

Identity and Access Management (IAM) is a user identity management and resource access control service provided by JD Cloud, assigning the minimum permission to users as needed to guarantee the enterprise information security.

Use Now

Benefits

Centralized Management of IAM Sub-users and Their Credentials
Sub-users and groups can be easily created and managed; console login or Open API access permission of sub-users can be controlled; unified virtual MFA verification, operation protection and access key (AK/SK) management shall be carried out without sharing the password and access key of primary account.
Conduct fine IAM for JD Cloud resources
Each user or user group is associated with one or multiple permission policies to restrict the specific operation permission of users to specific resources. You can also add specific validation conditions to control whether the access only becomes valid at a specific time and with specific source IP address.
Centralized Management of User Roles and Service Roles
It is convenient to create and manage roles, and the operations executable for the sub-users or services playing such roles can be controlled through the granting of policies. You can specify a sub-user, a cross-account user or a service to manage and operate JD Cloud resources on your behalf.

Features

User Management

Sub-user Management

It supports sub-user creation and management function, supports the setting of console access or programming access permission, which depends on sub-user, and supports virtual MFA verification, key pair management and operation protection setting as well as other functions.

User Group Management

Group is a collection of sub-users. The primary account can use group to conveniently manage multiple sub-users with same permissions and also change sub-user permissions by adding in or remove sub-users from a group.

Policy Management

Basic Management

It supports policy creation and management functions. Rich system policies can be preset to facilitate the direct use by users, and customized policies can also be created depending on the users’ actual demands.

Permission Control Granularity

It currently supports the permission control of service level, operation level and resource level. For service level, whether a user has the permission on a cloud service can be controlled; for operation level, whether a user has the permission on a certain interface of a cloud service can be controlled; for resource level, whether a user has the access permission on a certain operation to a certain resource of a cloud service.

Support Multiple Policy Creation Methods

By creating visual policy, it is convenient for users to specify permission, operation and resource through the graphical interface to automatically generate policies; by creating json policy, a policy is generated by selecting relevant policy template or following the basic element and syntactic structure of the policy; by creating policy according to tag and automatically associating resources the specified tag, a policy is automatically generated by selecting operation sets.

Set

Sub-user Password Policy Setting

It supports to provide sub-user management of different security grades for different enterprises. You are allowed to set dedicated password policies for all the sub-users depending on enterprise security demand.