IAM adoption guide
This topic covers the Identity and Access Management (IAM) concepts in IBM Cloud Private and discusses how users and content workloads can leverage IBM Cloud Private IAM services for authentication and authorization. It also covers the IAM features and the related API specification.
At a high level, IBM Cloud Private provides authentication support via the OpenID Connect (OIDC) specification. IBM Cloud Private also supports Security Assertion Markup Language (SAML) based federated authentication. The authorization framework aligns with Cloud IAM, with some customization specific to IBM Cloud Private, such as grouping user and resource entities under a team construct.
The authentication and authorization details are explored in the following topics:
- A user's view of using the IBM Cloud Private authentication and authorization services
- A content workload's view of using the IBM Cloud Private authentication and authorization services
- IAM for service to service communication
- IAM for IBM Cloud Private with OpenShift
For IAM adoption, you might need configuration details such as your cluster IP address and port number. To get cluster information, see Cluster configuration ConfigMap.
For troubleshooting, see Troubleshooting IAM.
For APIs, see IAM APIs.