Get started
Yandex Identity and Access Management

Adding a user to a cloud

To add users to the cloud, you need the admin or resource-manager.clouds.owner role for that cloud.

You can add users with a Yandex account and federated users.

Add a user with a Yandex account

  1. Open the Access management page for the selected cloud. If necessary, switch to another cloud.

  2. On the Users and roles page, click Add user in the upper-right corner.
  3. Enter the user's Yandex email address.
  4. Click Add.

Note

To better safeguard your resources from unauthorized access, we recommend enabling two-factor authentication in Yandex.Passport. Use this method to secure your own account and ask every user you add to your cloud to enable two-factor authentication as well.

Add federated users

To add federated users, you need to know the users' Name IDs returned by the Identity Provider (IdP) server with the successful authentication response. This is usually the user's primary email address. If you don't know what the server returns as the Name ID, contact the administrator who configured authentication for your federation.

To add identity federation users to the cloud:

  1. Open the Access management page for the selected cloud. If necessary, switch to another cloud.

  2. Click the arrow next to the Add user button.
  3. Select Add federated users.
  4. Select the identity federation to add users from.
  5. List the Name IDs of users, separating them with line breaks.

If you don't have the Yandex.Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View a description of the add user command:

    $ yc iam federation add-user-accounts --help

  2. Add users by listing their Name IDs separated by a comma:

    $ yc iam federation add-user-accounts --name my-federation \
  --name-ids=alice@example.com,bob@example.com,charlie@example.com

To add identity federation users to the cloud:

  1. Create a file with the request body (for example, body.json). In the request body, specify the array of Name IDs of users you want to add:

    {
  "nameIds": [
    "alice@example.com",
    "bob@example.com",
    "charlie@example.com"
  ]
}

  2. Send the request by specifying the Federation ID in the parameters:

    $ curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <IAM token>" \
  -d '@body.json' \
  https://iam.api.cloud.yandex.net/iam/v1/saml/federations/<federation ID>:addUserAccounts

What's next

In this article: