Identity and Access Management (IAM) enables users to control and secure access to ObjectScale resources. This functionality ensures that each access request to an ObjectScale resource is identified, authenticated, and authorized. ObjectScale IAM allows admins to add users, roles, and groups. Admins can also restrict access by adding policies to the IAM entities.
IAM consists of the following components:
- Account Management - an ObjectScale account is a logical construct that corresponds to a customer business unit or tenant, and is relevant to the account admin role and the end users that belong to an account. ObjectScale users with the Admin role can create accounts in an ObjectScale instance
- Access Management - access is managed by creating policies and attaching them to IAM identities or resources
- Identity Federation - identity is established and authenticated by SAML (Security Assertion Markup Language). After an identity is established, use the Secure Token Service to obtain temporary credentials that are used to access the resource
- Secure Token Service - enables users to request temporary credentials for same-account and cross-account access to resources, and for users who are authenticated using SAML authentication from an enterprise identity provider or directory service
By using IAM, users can control authentication and authorization to use ObjectScale resources by creating and managing:
- Users - IAM user represents a person or application in the account that can interact with ObjectScale resources
- Groups - IAM group is a collection of IAM users. Use groups to specify permissions for a collection of IAM users
- Roles - IAM Role is an identity that could be assumed by anyone who requires the role. A role is similar to a user, an identity with permission policies that determine what the identity can and cannot do.
- Policies - IAM policy is a document in JSON format, which defines the permissions for a role. Assign and attach policies to IAM Users, IAM Groups, and IAM Roles.
- SAML provider - SAML is an open standard for exchanging authentication and authorization data between an identity provider and a service provider. SAML provider in ObjectScale is used to establish trust between a SAML-compatible Identity Provider (IdP) and ObjectScale
See the Dell ObjectScale 1.3.x Administration Guide for more information about IAM.