Announcements
Cloud
Security
October 14, 2019 By Tim Brantner
Ben Lopez
Michelle Kaufman
Ashwini Padubidri Chandrase
Ramiya Ramanathan
4 min read

Inviting users and assigning access faster and with more confidence in IBM Cloud.

Here at IBM Cloud™, we take pride in highlighting enhancements that make a positive impact for our customers. We are excited to announce the delivery of two identity and access management (IAM) enhancements on the IBM Cloud platform that deliver on inviting users and assigning access faster and with more confidence:

  • Simplified experience for inviting users to an account
  • Transparent actions for access roles

Simplified experience for inviting users to an account

As an administrator or a developer inviting users to an account, you’ll notice a new user experience rebuilt from the ground up. The first thing you’ll notice is that you can add users directly to access groups, which is a great way to manage access to your account and a recommended best practice. Alternatively, you can assign additional access, like classic infrastructure permissions, Cloud Foundry roles, or access to account management services like billing or user management. If you want to invite a user to your account and decide what access to assign later, you can do that, too.

Using access groups is an IBM Cloud best practice that allows you to more effectively manage user access—from a few users to thousands. By using access groups, you can simplify the process of managing access by assigning specific groups access to different types of resources. Managing access is then as easy as adding or removing users as needed. 

To use this method, simply add users that you are inviting to the account to an access group by clicking Add for the row of an access group in the Add users to access groups section. 

If you need to assign access to classic infrastructure permissions or Cloud Foundry resources, the Assign users additional access section of the Invite users page is what you’re looking for. This section has also been redesigned as the place where you can manage access that’s independent of access groups. 

The final enhancement on the Invite users page that you’ll want to check out is the ability to assign a user more than one type of access during the invite process. 

To help you track all of the access being assigned with a single invitation, we are introducing the IAM Access summary section on the right-hand side. Before you take the final step to invite users to your account, you can review a summary of all the access details that you added. This allows you to make any final updates or assignments before clicking the Invite button.  

Additionally, you have told us that it is important to be able to script the invite user process, so we’ve provided an API tab in the Access summary section that allows you to copy the API call information to use in your scripts. 

Transparency of actions for access roles

One important way to promote your organization’s safety and security is to follow the principle of least privilege. For those of you who are already familiar with IAM, this is not new. For everyone else, the principle of least privilege means that users should have the absolute minimum level of access that is needed to perform their job—nothing more, nothing less. 

Previously, you might have had a hard time finding an easy way to see the actions associated with an access role. Our transparent actions enhancement represents a huge step forward, ensuring that you can confidently implement the principle of least privilege. 

With this enhancement, users with the authority to invite users to an account can view exactly which actions are associated with the access roles for services that are managed by using IAM. The IBM Cloud console displays a list of actions and descriptions, when available, for every platform and service role. Gone are the days of trial and error in your access management journey. 

If you are as excited as we are, check out the updates on the Invite users page for assigning access to IAM-enabled services or account management services. To use, simply click the number next to a specific role to view a detailed list of actions that are mapped to the role. The number represents the number or actions the role has. 

For more information about inviting users, see Inviting users to an account

We welcome your feedback

As always, we are proud to deliver these enhancements to our great customers, and we can’t wait for you to try them out. Let us know what you think by using the Feedback button on any console page at cloud.ibm.com.

Tim Brantner
Product Owner, Security and Compliance Center
Ben Lopez
OM - Identity & Access Management (IAM)
Michelle Kaufman
Content Lead and Strategist, IBM Cloud Platform
Ashwini Padubidri Chandrase
Cloud Security UI Development Lead
Ramiya Ramanathan
IBM Cloud Design

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters