An Introduction of IAM
CDNetworks Console provides IAM (Identity Access Management) to help you manage your accounts for end-users and your application code to use our products and services.
You can create/manage your sub-accounts for your end-users. and grant their own role to securely manage access to use your service resources when you use Main Account.
- You can create/manage identity credentials ( login accounts and access-key ) of your sub-accounts.
- You can create/manage your own policy to set permission - what actions are allowed and denied in CDNetworks Console.
- You can assign the role of each sub-account to provide access controls to your services.
CDNetworks IAM Overview
IAM(Identity and Access Management) is a technical term for managing users’ digital identities, and the privileges associated with each function or resource that are provided by CDNetworks product platform. CDNetworks Console provides IAM (Identity and Access Management) to ensure that you securely control access to your services. you use IAM to grant who is authenticated and who has authorized permission to use your services. and each account makes the request to use CDNetworks products under the process of authentication, authorization, and operations.
There are two parts of CDNetworks Console IAM that consist of Identity Management and Access Control Management) as below.
For more detailed terms, you learn more about IAM terms.
- A person or application that has a unique identity credential to use functions and resources of CDNetworks product via CDNetworks Console UI/API.
- A Principal uses identity credentials - user accounts to make a request via Console Product UI/API.
- CDNetworks Console provides two types of identity credentials for principals
- Login name and Password
- Access Key and Secret Key
- If principals try to perform any actions on the CDNetworks console, CDNetworks Console gathers the request information that evaluates and authorizes the request.
- When principals attempt the request, the request is processed under three steps - authentication, authorization, and operation
- The role, permission effect (allow/deny), action, policy, and control-group information are stored in CDNetworks Console IAM.
- As with CDNetworks service, you can create, update, enable, disable and deploy resources (e.g. CDN domains) under CDNetworks Console.
- “Action” is the operational element as a function of CDNetworks products in the CDNetworks Console.
- Each CDNetworks product and service provide many functions that are managed by Principals
- After authenticating and authorizing the request, CDNetworks product approves the action
- Using actions, you can view/create and delete service resources
- For example, you view or create CDN domains on CA product in the Console UI/API. your accounts should have the permission granted by Main Account.
- “Policy” is a set of multiple actions that are functional elements of CDNetworks products and the Permission flag of “Permission Effect” has “Allowed” or “Deny” that allow the requests and operational actions to use resources
- The permissions specify who can have access to your services and what actions are allowed and denied by checking “Permission effect”
- If Permission Effect is “allowed”, the action is authorized to run action - operate the function of Products
- If Permission Effect is “denied”, the action is not authorized to run action - operate the function of Products
- CDNetworks manage access-control-function (“called as control-group”) between services resources (e.g. CDN domains) and contracts
- Each “control group” has a set of accelerated domains that are being run through CDNetworks products
- Control-group helps you to assign users who have access to monitor traffic, billing, and change service configurations.