To get started, create an organization and add users to it.
The Yandex Cloud Organization service is running in Preview mode. Managing organization services is unavailable.
Create an organization
- Log in to your Yandex account. If you don't have an account yet, create one.
- Go to Yandex Cloud Organization.
- Enter your company name and description.
- Click Create organization.
After registering, you become the organization owner. You'll be able to manage employee accounts, as well as connect and disable services.
To provide your employees with access to the organization's services, connect them using their Yandex accounts. If your company already uses a different account management system (such as Active Directory or Google Workspace), configure an identity federation so that your employees can use their work accounts to access Yandex.Cloud services.
Connect employees with Yandex accounts
If your employees have Yandex accounts (for example,
email@example.com), they can use them to access Yandex.Cloud services enabled in your organization.
To connect employees with Yandex accounts:
- Go to the left panel and select Users .
- In the upper-right corner, click Add user.
- Enter the email addresses of the Yandex users you want to invite to the organization (for example,
- Click Add.
This will give the users access to the organization.
Configure an identity federation
Identity federation is a technology with which you can implement a single sign-on system (SSO) and use corporate accounts for authorization in Yandex Cloud Organization. In this case, your corporate account management system acts as an identity provider (IdP).
To configure your identity federation, follow these steps:
In the left panel, select Federations .
Click Create federation.
Enter the federation name and description.
In the Cookie lifetime field, specify the period of time during which the browser won't ask the user to re-authenticate.
In the IdP Issuer field, specify the IdP server ID to be used for authentication. The IdP server must send the same ID in its response to Organization during user authentication.
ID format depends on the type of IdP server you use (for example, Active Directory or Google Workspace).
In the SSO method field, choose POST.
In the Link to the IdP login page field, specify the address of the page where the browser redirects the user for authentication.
Add the identity provider certificate to the created federation.
All users who log in to Yandex Cloud Organization through the identity federation using their work accounts are automatically added to the list of the organization's users.