Tencent Cloud

Recent Pages

Basic Concepts

Last updated: 2024-07-31 14:17:23

This document introduces the basic concepts of Identity Center.
Concept
Description
Space
When enabling Identity Center, you need to create a space. All Identity Center resources are maintained within the space. An organization account can create only one space. The space name will be used in the user login URL.
User
User is a type of identity in the Identity Center. It refers to new users you create in the Identity Center after you enable the Identity Center service of organization accounts. Before CAM synchronization, users in the Identity Center do not have any feature, identity, login permission, access permission, etc.
You can create and manage all users accessing Tencent Cloud here. Users can be granted permissions to access Tencent Cloud accounts.
User Group
User group is a type of identity in the Identity Center. You can add users to a user group and then grant permissions based on the user group for unified permission management.
SCIM Synchronization
The Identity Center supports user and user group synchronization based on the System for Cross-domain Identity Management (SCIM) protocol. By using SCIM synchronization, you can manage identities in your enterprise identity management system without manually managing users, user groups, and their memberships in the Identity Center, enhancing management efficiency and security.
Permission Configuration
Permission configuration is a configuration template used by users to access Tencent Cloud accounts and includes a set of permissions. You can use this template to authorize users for specific accounts.
Account
Accounts include admin accounts and member accounts.
Admin account: The admin account is the super administrator of the enterprise, and only the admin account can manage the Identity Center.
Member account: Member accounts cannot manage the Identity Center, nor can they view it.
Multi-Account Authorization
Based on the organizational structure of the organization accounts, you can set the users or user groups allowed to access each account, as well as their access permissions. You can authorize enterprise admin accounts or any member account.
Permission Configuration Deployment
When you authorize users for an account, the specified permission configuration will be deployed to the relevant account, becoming the CAM role, CAM policy, and identity provider for role single sign-on (SSO) for that account. If the permission configuration has already been deployed to an account but changes are made to the permission configuration, these changes will not be automatically updated to the account. You need to manually redeploy for the changes to take effect.
Login Portal
The login portal is an independent portal for Identity Center users to log in and use Tencent Cloud resources. After Identity Center users log in, they can view the accounts they have access to and can only access the Tencent Cloud console within the granted permissions. You can view the login portal address (URL) on the overview page of the Identity Center.
Identity Center Administrator
An Identity Center administrator refers to a CAM user who has an Identity Center management account and permissions (QcloudOrganizationFullAccess) under the account.
Single Sign-On (SSO)
Identity Center supports SSO based on Security Assertion Markup Language (SAML) 2.0. Tencent Cloud is the service provider (SP), while the enterprise's identity management system is the identity provider (IdP). Through SSO, enterprise employees can use their IdP user identity to directly log in to the Identity Center.

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

tencent cloud

Recent Pages

Basic Concepts

Was this page helpful?

Was this page helpful?

Concept	Description
Space	When enabling Identity Center, you need to create a space. All Identity Center resources are maintained within the space. An organization account can create only one space. The space name will be used in the user login URL.
User	User is a type of identity in the Identity Center. It refers to new users you create in the Identity Center after you enable the Identity Center service of organization accounts. Before CAM synchronization, users in the Identity Center do not have any feature, identity, login permission, access permission, etc. You can create and manage all users accessing Tencent Cloud here. Users can be granted permissions to access Tencent Cloud accounts.
User Group	User group is a type of identity in the Identity Center. You can add users to a user group and then grant permissions based on the user group for unified permission management.
SCIM Synchronization	The Identity Center supports user and user group synchronization based on the System for Cross-domain Identity Management (SCIM) protocol. By using SCIM synchronization, you can manage identities in your enterprise identity management system without manually managing users, user groups, and their memberships in the Identity Center, enhancing management efficiency and security.
Permission Configuration	Permission configuration is a configuration template used by users to access Tencent Cloud accounts and includes a set of permissions. You can use this template to authorize users for specific accounts.
Account	Accounts include admin accounts and member accounts. Admin account: The admin account is the super administrator of the enterprise, and only the admin account can manage the Identity Center. Member account: Member accounts cannot manage the Identity Center, nor can they view it.
Multi-Account Authorization	Based on the organizational structure of the organization accounts, you can set the users or user groups allowed to access each account, as well as their access permissions. You can authorize enterprise admin accounts or any member account.
Permission Configuration Deployment	When you authorize users for an account, the specified permission configuration will be deployed to the relevant account, becoming the CAM role, CAM policy, and identity provider for role single sign-on (SSO) for that account. If the permission configuration has already been deployed to an account but changes are made to the permission configuration, these changes will not be automatically updated to the account. You need to manually redeploy for the changes to take effect.
Login Portal	The login portal is an independent portal for Identity Center users to log in and use Tencent Cloud resources. After Identity Center users log in, they can view the accounts they have access to and can only access the Tencent Cloud console within the granted permissions. You can view the login portal address (URL) on the overview page of the Identity Center.
Identity Center Administrator	An Identity Center administrator refers to a CAM user who has an Identity Center management account and permissions (QcloudOrganizationFullAccess) under the account.
Single Sign-On (SSO)	Identity Center supports SSO based on Security Assertion Markup Language (SAML) 2.0. Tencent Cloud is the service provider (SP), while the enterprise's identity management system is the identity provider (IdP). Through SSO, enterprise employees can use their IdP user identity to directly log in to the Identity Center.

tencent cloud

Sign Up

Log in

Recent Pages

Basic Concepts

Was this page helpful?

Was this page helpful?