Introducing Identity & Access Management




What is Identity & Access Management?

IBM Cloud Identity & Access Management enables you to securely authenticate users and control access to all cloud resources consistently in the IBM Bluemix Cloud Platform. This is a core capability of the platform, which means it comes at no extra cost to you.

In May 2017, we are introducing a new feature for the Bluemix Cloud Platform to provide a unified experience for managing user identity and access in IBM Bluemix Cloud. The initial release includes:

  • Unified user management across the Bluemix Platform and Infrastructure services – you can add and delete users in an account for both platform and infrastructure services
  • API keys for user authentication – create and manage API keys that let you authenticate easily when using the CLI or APIs; the same key can be used across multiple services
  • Fine-grained access control – assign users access to individual services or service instances

This initial release includes some key capabilities needed to manage users and their access. Be on the lookout for more advanced capabilities coming soon!

New Features

Unified user management across Bluemix Platform and Infrastructure services

There is a new unified user management console for you to manage your users across both Bluemix Platform and Infrastructure services.  If you have a Bluemix PaaS account linked to a Bluemix IaaS account, it is no longer necessary to add users to both accounts.

API keys for user authentication

Bluemix API keys enable users to conveniently authenticate when using CLIs or APIs. The same key can be used across multiple services. Each user can have multiple API keys, both to support key rotation and to use different keys for different purposes, which limits the exposure of any single key. When authenticating with an API key, users have the same access controls as when they authenticate with their user names and passwords.

Fine-grained access control

Bluemix is transitioning to a new, cloud-wide fine-grained access control capability. With access control, you can give users access to only the resources they need, at the individual service or service instance level. Three pre-defined roles are supported: Admin, Editor, and Viewer. These give you the ability to control the types of actions users can perform against the resources they have access to.

The Access Control UI provides a simplified way of specifying policies for the resources within your account. After you’ve selected the user you want to set access policies for, it enables you to select a service from the list of services that are enabled with identity and access management. You can optionally select a region or a specific instance of the service. Then, you select the role that you want to assign the user for that resource or set of resources.

Initially, the account owner has the ability to set access for any resource within the account. The account owner can give others the ability to manage access within the account by assigning them the Administrator role on the account.

To start, you can use identity and access management to control access to the Kubernetes-based IBM containers service and its resources. Watch for additional services to adopt the new access control model soon.

Why move to a new model?

The new access control model has several advantages over the previous access control model, which was based on a user’s roles in Cloud Foundry orgs and spaces. You can now set access at a much finer-grained level, down to the individual service or service instance level, and can grant a user different roles for different resources. You can also manage access for resources across the cloud consistently, including resources outside of Cloud Foundry.

Services that have not yet been enabled for the new access control model will continue to rely on a user’s role in a Cloud Foundry space to determine whether a user has permission to access resources. The new Access Control UI enables users to manage access both for services with the new model enabled and for services on the legacy Cloud Foundry model.


via Bluemix Blog https://ibm.co/2pQcNaA

May 2, 2017 at 03:06AM
