
Basic Concepts

Last updated: 2024-07-31 14:17:23
This document introduces the basic concepts of Identity Center.
| Concept | Description |
| --- | --- |
| Space | When enabling Identity Center, you need to create a space. All Identity Center resources are maintained within the space. An organization account can create only one space. The space name will be used in the user login URL. |
| User | A user is a type of identity in the Identity Center. It refers to new users you create in the Identity Center after you enable the Identity Center service of organization accounts. Before CAM synchronization, users in the Identity Center do not have any features, identity, login permissions, access permissions, etc. You can create and manage all users accessing Tencent Cloud here. Users can be granted permissions to access Tencent Cloud accounts. |
| User Group | A user group is a type of identity in the Identity Center. You can add users to a user group and then grant permissions based on the user group for unified permission management. |
| SCIM Synchronization | The Identity Center supports user and user group synchronization based on the System for Cross-domain Identity Management (SCIM) protocol. By using SCIM synchronization, you can manage identities in your enterprise identity management system without manually managing users, user groups, and their memberships in the Identity Center, enhancing management efficiency and security. |
| Permission Configuration | A permission configuration is a configuration template used by users to access Tencent Cloud accounts and includes a set of permissions. You can use this template to authorize users for specific accounts. |
| Account | Accounts include admin accounts and member accounts. Admin account: The admin account is the super administrator of the enterprise, and only the admin account can manage the Identity Center. Member account: Member accounts cannot manage the Identity Center, nor can they view it. |
| Multi-Account Authorization | Based on the organizational structure of the organization accounts, you can set the users or user groups allowed to access each account, as well as their access permissions. You can authorize enterprise admin accounts or any member account. |
| Permission Configuration Deployment | When you authorize users for an account, the specified permission configuration will be deployed to the relevant account, becoming the CAM role, CAM policy, and identity provider for role single sign-on (SSO) for that account. If the permission configuration has already been deployed to an account and the permission configuration is then changed, the changes will not be automatically updated to the account. You need to manually redeploy for the changes to take effect. |
| Login Portal | The login portal is an independent portal for Identity Center users to log in and use Tencent Cloud resources. After Identity Center users log in, they can view the accounts they have access to and can only access the Tencent Cloud console within the granted permissions. You can view the login portal address (URL) on the overview page of the Identity Center. |
| Identity Center Administrator | An Identity Center administrator refers to a CAM user who has an Identity Center management account and permissions (QcloudOrganizationFullAccess) under the account. |
| Single Sign-On (SSO) | Identity Center supports SSO based on Security Assertion Markup Language (SAML) 2.0. Tencent Cloud is the service provider (SP), while the enterprise's identity management system is the identity provider (IdP). Through SSO, enterprise employees can use their IdP user identity to directly log in to the Identity Center. |
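
The Permission Configuration Deployment entry above states that edits to a permission configuration do not reach an account until you redeploy, so a permission removed from the template can remain effective in accounts. The following is an added example, not Tencent Cloud code, of a drift check that compares each account's deployed policies with the current template; the record types, field names, policy names and account IDs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical inventory model. Field names are assumptions for this example,
# not Tencent Cloud API fields; fill them from your own export.
@dataclass(frozen=True)
class PermissionConfig:
    name: str
    policies: frozenset  # policies the template grants now

@dataclass(frozen=True)
class Deployment:
    account_id: str
    config_name: str
    deployed_policies: frozenset  # policies on the deployed role in the account

def find_drift(configs, deployments):
    """List deployments whose policies differ from the current template."""
    current = {c.name: c.policies for c in configs}
    findings = []
    for d in deployments:
        template = current[d.config_name]
        excess = sorted(d.deployed_policies - template)   # removed from template, still live
        missing = sorted(template - d.deployed_policies)  # added to template, not yet live
        if excess or missing:
            findings.append({
                "account_id": d.account_id,
                "config": d.config_name,
                # Excess access is the urgent case: a revocation that never took effect.
                "severity": "high" if excess else "low",
                "excess": excess,
                "missing": missing,
            })
    # Highest-risk findings first (stable sort keeps input order within a severity).
    return sorted(findings, key=lambda f: f["severity"] != "high")

# Constructed sample data (placeholder policy names and account IDs).
CONFIGS = [
    PermissionConfig("ops-readonly", frozenset({"policy-read-logs"})),
    PermissionConfig("billing", frozenset({"policy-view-bills", "policy-export-bills"})),
]
DEPLOYMENTS = [
    Deployment("100000000001", "ops-readonly", frozenset({"policy-read-logs"})),
    Deployment("100000000002", "ops-readonly",
               frozenset({"policy-read-logs", "policy-restart-hosts"})),
    Deployment("100000000003", "billing", frozenset({"policy-view-bills"})),
]

if __name__ == "__main__":
    for finding in find_drift(CONFIGS, DEPLOYMENTS):
        print(finding)
```

Accounts reported with a non-empty `excess` list are the ones to redeploy first, since they still hold access the template no longer grants.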
