Yandex Identity and Access Management

Manage access to virtual machines and other cloud resources.

Yandex accounts
Users don’t need to create additional accounts: to access your Yandex.Cloud resources, they can use their @yandex.com accounts.
Two-factor authentication
In Yandex.Cloud, you can also set up two-factor authentication via Yandex.Passport. Access is granted via the Yandex.Key mobile app that is linked to the user’s device.
Identity federation
A federated user will get access to resources using an external corporate username. Authentication and authorization are done via SAML v2.0.
Service accounts
Create service accounts for your processes and they can connect to your cloud resources as users through the service API.
Flexible role system
Roles can be assigned at the level of a cloud, folder, service account, or other resources.

Getting started

To use the service, add a user to Yandex.Cloud and assign a role to them.

Add user

Questions and answers

What is Yandex Identity and Access Management used for?

The service controls access to resources and lets you configure access rights. You can:

  • Add and delete new cloud users.
  • Manage access rights to resources by assigning and revoking roles.
  • Create service accounts: special accounts to manage Yandex.Cloud resources via the API.
  • Get an IAM token that is required for authorization via the API.

The service controls access to resources and lets you configure access rights. You can:

  • Add and delete new cloud users.
  • Manage access rights to resources by assigning and revoking roles.
  • Create service accounts: special accounts to manage Yandex.Cloud resources via the API.
  • Get an IAM token that is required for authorization via the API.

How much does it cost to use the service?

Yandex Identity and Access Management is not charged.

Yandex Identity and Access Management is not charged.

How are access rights verified?

Before performing an operation with a resource, the service checks whether the user has the necessary permissions. If the user doesn’t have any of the permissions, the operation isn’t performed and Yandex.Cloud returns an error.

Before performing an operation with a resource, the service checks whether the user has the necessary permissions. If the user doesn’t have any of the permissions, the operation isn’t performed and Yandex.Cloud returns an error.

Get started with Identity and Access Management