
Yandex Identity and Access Management
Manage access to virtual machines and other cloud resources.
Yandex accounts
Two-factor authentication
Identity federation
Service accounts
Flexible role system
Getting started
To use the service, add a user to Yandex Cloud and assign a role to them.

Questions and answers
What is Yandex Identity and Access Management used for?
The service controls access to resources and lets you configure access rights. You can:
- Add and delete new cloud users.
- Manage access rights to resources by assigning and revoking roles.
- Create service accounts: special accounts to manage Yandex Cloud resources via the API.
- Get an IAM token that is required for authorization via the API.
The service controls access to resources and lets you configure access rights. You can:
- Add and delete new cloud users.
- Manage access rights to resources by assigning and revoking roles.
- Create service accounts: special accounts to manage Yandex Cloud resources via the API.
- Get an IAM token that is required for authorization via the API.
How much does it cost to use the service?
Yandex Identity and Access Management is not charged.
Yandex Identity and Access Management is not charged.
How are access rights verified?
Before performing an operation with a resource, the service checks whether the user has the necessary permissions. If the user doesn’t have any of the permissions, the operation isn’t performed and Yandex Cloud returns an error.
Before performing an operation with a resource, the service checks whether the user has the necessary permissions. If the user doesn’t have any of the permissions, the operation isn’t performed and Yandex Cloud returns an error.