Inviting users and assigning access faster and with more confidence in IBM Cloud.
Here at IBM Cloud™, we take pride in highlighting enhancements that make a positive impact for our customers. We are excited to announce the delivery of two identity and access management (IAM) enhancements on the IBM Cloud platform that deliver on inviting users and assigning access faster and with more confidence:
- Simplified experience for inviting users to an account
- Transparent actions for access roles
Simplified experience for inviting users to an account
As an administrator or a developer inviting users to an account, you'll notice a new user experience rebuilt from the ground up. The first thing you'll notice is that you can add users directly to access groups, which is a great way to manage access to your account and a recommended best practice. Alternatively, you can assign additional access, like classic infrastructure permissions, Cloud Foundry roles, or access to account management services like billing or user management. If you want to invite a user to your account and decide what access to assign later, you can do that, too.
Using access groups is an IBM Cloud best practice that allows you to more effectively manage user access—from a few users to thousands. By using access groups, you can simplify the process of managing access by assigning specific groups access to different types of resources. Managing access is then as easy as adding or removing users as needed.
To use this method, simply add users that you are inviting to the account to an access group by clicking Add for the row of an access group in the Add users to access groups section.
If you need to assign access to classic infrastructure permissions or Cloud Foundry resources, the Assign users additional access section of the Invite users page is what you're looking for. This section has also been redesigned as the place where you can manage access that's independent of access groups.
The final enhancement on the Invite users page that you'll want to check out is the ability to assign a user more than one type of access during the invite process.
To help you track all of the access being assigned with a single invitation, we are introducing the IAM Access summary section on the right-hand side. Before you take the final step to invite users to your account, you can review a summary of all the access details that you added. This allows you to make any final updates or assignments before clicking the Invite button.
Additionally, you have told us that it is important to be able to script the invite user process, so we've provided an API tab in the Access summary section that allows you to copy the API call information to use in your scripts.
Transparency of actions for access roles
One important way to promote your organization's safety and security is to follow the principle of least privilege. For those of you who are already familiar with IAM, this is not new. For everyone else, the principle of least privilege means that users should have the absolute minimum level of access that is needed to perform their job—nothing more, nothing less.
Previously, you might have had a hard time finding an easy way to see the actions associated with an access role. Our transparent actions enhancement represents a huge step forward, ensuring that you can confidently implement the principle of least privilege.
With this enhancement, users with the authority to invite users to an account can view exactly which actions are associated with the access roles for services that are managed by using IAM. The IBM Cloud console displays a list of actions and descriptions, when available, for every platform and service role. Gone are the days of trial and error in your access management journey.
If you are as excited as we are, check out the updates on the Invite users page for assigning access to IAM-enabled services or account management services. To use, simply click the number next to a specific role to view a detailed list of actions that are mapped to the role. The number represents the number or actions the role has.
For more information about inviting users, see Inviting users to an account.
We welcome your feedback
As always, we are proud to deliver these enhancements to our great customers, and we can't wait for you to try them out. Let us know what you think by using the Feedback button on any console page at cloud.ibm.com.