Adding federated users
To add federated users, you need to know the users' Name IDs returned by the Identity Provider (IdP) server with the successful authentication response. This is usually the user's primary email address. If you don't know what the server returns as the Name ID, contact the administrator who configured authentication for your federation.
To add identity federation users to the cloud:
- Open the Access management page for the selected cloud. If necessary, switch to another cloud.
- Click the arrow next to the Add user button.
- Select Add federated users.
- Select the identity federation to add users from.
- List the Name IDs of users, separating them with line breaks.
If you don't have the Yandex.Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the add user command:
$ yc iam federation add-user-accounts --help
- Add users by listing their Name IDs separated by a comma:
$ yc iam federation add-user-accounts --name my-federation \
  --name-ids=alice@example.com,bob@example.com,charlie@example.com
To add identity federation users to the cloud:
- Create a file with the request body (for example, body.json). In the request body, specify the array of Name IDs of users you want to add:
{
  "nameIds": [
    "alice@example.com",
    "bob@example.com",
    "charlie@example.com"
  ]
}
- Send the request by specifying the Federation ID in the parameters:
$ curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <IAM token>" \
  -d '@body.json' \
  https://iam.api.cloud.yandex.net/iam/v1/saml/federations/<federation ID>:addUserAccounts
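The three procedures above take the same Name IDs in three shapes: line-separated in the console, comma-separated for the CLI, and a JSON array for the API. The following added example (not part of the original documentation) normalizes a pasted list once and derives the CLI argument and the API body from it. The function names, the rejection policy and the optional domain allow-list are assumptions of this example.

```python
import json

# Constructed sample input: a line-separated list as pasted into the console,
# with stray whitespace, a blank line, a duplicate and two bad entries.
SAMPLE = "\n".join([
    "alice@example.com",
    "  bob@example.com  ",
    "",
    "alice@example.com",
    "charlie@example.com,dave@example.com",
    "eve@exmaple.com",
])

def parse_name_ids(text, allowed_domains=None):
    """Return (accepted, rejected) from a line-separated Name ID list.

    rejected holds (value, reason) pairs. Policy (an assumption of this
    example): an entry with a comma, whitespace or a non-printable character
    is refused, because it cannot pass through the comma-separated
    --name-ids list unambiguously. allowed_domains, if given, is a set of
    lower-case mail domains the federation is expected to issue.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        value = raw.strip()
        if not value or value in seen:
            continue  # skip blank lines and exact duplicates
        seen.add(value)
        if any(c == "," or c.isspace() or not c.isprintable() for c in value):
            rejected.append((value, "comma, whitespace or control character"))
        elif allowed_domains is not None and (
            "@" not in value
            or value.rpartition("@")[2].lower() not in allowed_domains
        ):
            rejected.append((value, "domain not in allow-list"))
        else:
            accepted.append(value)
    return accepted, rejected

def api_body(name_ids):
    """Request body for :addUserAccounts, in the shape shown for body.json."""
    return json.dumps({"nameIds": name_ids}, indent=2)

def cli_arg(name_ids):
    """Value for the CLI: Name IDs separated by commas."""
    return "--name-ids=" + ",".join(name_ids)

if __name__ == "__main__":
    ok, bad = parse_name_ids(SAMPLE, allowed_domains={"example.com"})
    for value, reason in bad:
        print(f"rejected {value!r}: {reason}")
    print(api_body(ok))
    print(cli_arg(ok))
```

Reviewing the rejected entries before sending the request catches pasted lists that would otherwise create accounts for Name IDs the IdP never returns.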