Adding a user to a cloud
To add users to the cloud, you need the admin or resource-manager.clouds.owner role for that cloud.
You can add users with a Yandex account and federated users.
Add a user with a Yandex account
- Open the Access management page for the selected cloud. If necessary, switch to another cloud.
- On the Users and roles page, click Add user in the upper-right corner.
- Enter the user's Yandex email address.
- Click Add.
Note
To better safeguard your resources from unauthorized access, we recommend enabling two-factor authentication in Yandex.Passport. Use this method to secure your own account and ask every user you add to your cloud to enable two-factor authentication as well.
Add federated users
To add federated users, you need to know the users' Name IDs returned by the Identity Provider (IdP) server with the successful authentication response. This is usually the user's primary email address. If you don't know what the server returns as the Name ID, contact the administrator who configured authentication for your federation.
To add identity federation users to the cloud:
- Open the Access management page for the selected cloud. If necessary, switch to another cloud.
- Click the arrow next to the Add user button.
- Select Add federated users.
- Select the identity federation to add users from.
- List the Name IDs of users, separating them with line breaks.
If you don't have the Yandex.Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the add user command:
  $ yc iam federation add-user-accounts --help
- Add users by listing their Name IDs separated by a comma:
  $ yc iam federation add-user-accounts --name my-federation \
      --name-ids=alice@example.com,bob@example.com,charlie@example.com
To add identity federation users to the cloud:
- Create a file with the request body (for example, body.json). In the request body, specify the array of Name IDs of users you want to add:
  {
    "nameIds": [
      "alice@example.com",
      "bob@example.com",
      "charlie@example.com"
    ]
  }
- Send the request by specifying the Federation ID in the parameters:
  $ curl -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <IAM token>" \
      -d '@body.json' \
      https://iam.api.cloud.yandex.net/iam/v1/saml/federations/<federation ID>:addUserAccounts
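An added example, not part of the Yandex.Cloud documentation: the console, CLI and API procedures above take the same Name ID list in three shapes (line breaks, commas, a JSON array), so this Python code parses one list and emits the CLI flag and the request body. The function names, the sample list and the rule that entries with a comma, embedded whitespace or a case-only difference are held back for manual review are assumptions of this example.

```python
import json
import shlex

def parse_name_ids(text):
    """Parse a newline-separated Name ID list (the console's input format).
    Returns (name_ids, rejected); rejected holds (line_no, entry, reason)."""
    name_ids, rejected, folded_seen = [], [], {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        if "," in entry or any(ch.isspace() for ch in entry):
            # A comma would be split into two Name IDs by --name-ids.
            rejected.append((line_no, entry, "comma or whitespace inside entry"))
            continue
        folded = entry.casefold()
        if folded in folded_seen:
            if folded_seen[folded] != entry:
                # Example policy (assumption): case-only variants need review.
                rejected.append((line_no, entry, "case variant of " + folded_seen[folded]))
            continue  # exact duplicates are dropped silently
        folded_seen[folded] = entry
        name_ids.append(entry)
    return name_ids, rejected

def to_cli_flag(name_ids):
    """Comma-separated form for `yc iam federation add-user-accounts`."""
    return shlex.quote("--name-ids=" + ",".join(name_ids))

def to_request_body(name_ids):
    """JSON body for the addUserAccounts request (contents of body.json)."""
    return json.dumps({"nameIds": name_ids}, indent=2)

# Constructed sample list, not real accounts.
SAMPLE = "\n".join([
    "# users for my-federation",
    "alice@example.com",
    "  bob@example.com  ",
    "alice@example.com",
    "Bob@example.com",
    "charlie@example.com, dave@example.com",
])

if __name__ == "__main__":
    ids, held = parse_name_ids(SAMPLE)
    print(to_cli_flag(ids))
    print(to_request_body(ids))
    for line_no, entry, reason in held:
        print(f"review line {line_no}: {entry!r} ({reason})")
```

Entries reported for review are left out of both outputs, so nothing is added to the federation until someone confirms the exact Name ID the IdP returns.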