
Identity & Access Management (IAM)

The Identity and Access Management (IAM) service provides granular access control for Open Telekom Cloud services. It is an essential service for cloud environments to identify and authorize cloud users.

IAM helps you securely control access to resources by centrally managing user data and authorizations, making it one of the cornerstones for secure working in the cloud.

With IAM, you can define which users are allowed to access which services and resources under which conditions to ensure the least privilege principle.


Reasons for IAM in the Open Telekom Cloud


Security & Compliance

IAM helps you restrict cloud resource access to authorized users and services only. It enables control and monitoring of user access and supports adherence to security policies and compliance regulations.


Scalability

Cloud environments are dynamic and scalable, which means that the number of users and resources can change quickly. IAM makes it possible to quickly add new users or change access rights to support the scalability and agility of the cloud infrastructure.


Cost optimization

IAM is integrated into the Open Telekom Cloud and is free of charge. Managing user and resource access rights avoids costs that arise, for example, from excessive authorizations or underutilized resources. In addition, companies achieve their compliance and security goals and avoid the high costs of security breaches or non-compliance.


Key features of IAM


Access control

Create IAM users and groups and use policies to grant or deny access to specific services and resources. IAM also provides an additional isolation layer: projects. This layer controls user access to different projects and grants permissions within the same project.


Integration

Establish a trust relationship between your existing identity system and the Open Telekom Cloud by creating a SAML-based or OpenID Connect-based identity provider. This way, users in your organization can log in to the Open Telekom Cloud via Single Sign-On (SSO).


Delegation

Delegate access to your resources to a trusted Open Telekom Cloud account or cloud service, limited to the permissions you assign.


Account Security

With IAM, you can configure security settings, including logon authentication policies, password policies, and access control lists.


Structure and function

IAM manages users and permissions for cloud resources in the Open Telekom Cloud. Cloud resources are services or objects, such as the Key Management Service (KMS) or Object Storage Service (OBS) and associated actions on objects, such as creating a key in KMS or deleting a bucket in OBS.

For the management of authorizations, IAM supports three user types:

  • Agency users are users from other Open Telekom Cloud clients who have been granted access to this client.
  • IAM users are users created and managed in the client's IAM system by the administrators. This is the default user type.
  • Federated users come from third-party IAM systems and can log on to the Open Telekom Cloud via a federation, for example from a federated Active Directory or LDAP.

Symbolic representation of access rights management with IAM

With the IAM service, you can define who is allowed to access what. For each access request, the configured permissions are evaluated; access is denied by default, and only an explicit "allow" grants it.

Users are assigned to groups, and groups are in turn assigned permissions. Access for the users of a group is evaluated against the union of all permission sets (policies) assigned to that group and is then granted or denied.

 

IAM policies include actions, resources, and conditions. You can either use the system default policies or create new custom policies using JSON or the graphical editor. 

Access can be set up through the Management Console or the API.
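As an added illustration (not the Open Telekom Cloud's own code, and not its exact policy schema), the following Python script models the evaluation rule described above: users inherit the policies of their groups, a request is denied by default, and only a matching "Allow" statement grants access. The statement shape (Effect, Action, Resource, Condition), the wildcard matching, the rule that an explicit "Deny" takes precedence over an "Allow", and the project-scoped condition key `project` are all assumptions made for this example; the users, groups and policies are constructed sample data.

```python
"""Deny-by-default policy evaluation model for a user -> group -> policy scheme.

Everything below is constructed for illustration; the JSON-like statement
shape is loosely modelled on "actions, resources, and conditions" and is
not the exact schema of any real IAM service.
"""
from fnmatch import fnmatchcase

# Constructed policies: some stand in for "system default" policies, one is a
# custom policy. Action and Resource entries are glob patterns.
POLICIES = {
    "OBSReadOnly": {"Statement": [
        {"Effect": "Allow", "Action": ["obs:bucket:List*", "obs:object:Get*"],
         "Resource": ["obs:*"]},
    ]},
    "OBSBucketAdmin": {"Statement": [
        {"Effect": "Allow", "Action": ["obs:bucket:*"], "Resource": ["obs:*"]},
    ]},
    "KMSKeyAdminProd": {"Statement": [
        # Condition key "project" is assumed: the statement only applies to
        # requests made within the named project (region-level isolation).
        {"Effect": "Allow", "Action": ["kms:cmk:*"], "Resource": ["kms:*"],
         "Condition": {"StringEquals": {"project": "eu-de_prod"}}},
    ]},
    "DenyBucketDelete": {"Statement": [
        {"Effect": "Deny", "Action": ["obs:bucket:DeleteBucket"], "Resource": ["obs:*"]},
    ]},
}

# Constructed group -> policy and user -> group assignments.
GROUPS = {
    "developers": ["OBSReadOnly", "OBSBucketAdmin", "KMSKeyAdminProd"],
    "auditors": ["OBSReadOnly", "DenyBucketDelete"],
}
USERS = {"alice": ["developers"], "bob": ["developers", "auditors"], "carol": []}


def effective_policies(user):
    """Union of all policies reachable through the user's groups (sorted)."""
    return sorted({p for g in USERS.get(user, []) for p in GROUPS.get(g, [])})


def _matches(patterns, value):
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, ctx):
    """Only StringEquals is modelled; an unknown operator fails closed."""
    if not condition:
        return True
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            return False
        if any(ctx.get(key) != expected for key, expected in pairs.items()):
            return False
    return True


def evaluate(user, action, resource, ctx=None):
    """Return "allow" or "deny" for one request.

    Default is deny. A matching Deny statement wins immediately (assumed
    precedence); otherwise any matching Allow statement grants access.
    """
    ctx = ctx or {}
    explicit_allow = False
    for name in effective_policies(user):
        for st in POLICIES[name]["Statement"]:
            if not _matches(st["Action"], action):
                continue
            if not _matches(st["Resource"], resource):
                continue
            if not _condition_holds(st.get("Condition"), ctx):
                continue
            if st["Effect"] == "Deny":
                return "deny"
            explicit_allow = True
    return "allow" if explicit_allow else "deny"


if __name__ == "__main__":
    for user, action, res, ctx in [
        ("alice", "obs:object:GetObject", "obs:bucket1/report.csv", {}),
        ("alice", "obs:bucket:DeleteBucket", "obs:bucket1", {}),
        ("bob", "obs:bucket:DeleteBucket", "obs:bucket1", {}),
        ("alice", "kms:cmk:create", "kms:key1", {"project": "eu-de_prod"}),
        ("alice", "kms:cmk:create", "kms:key1", {"project": "eu-de_test"}),
        ("carol", "obs:object:GetObject", "obs:bucket1/report.csv", {}),
    ]:
        print(f"{user:6} {action:26} {res:24} -> {evaluate(user, action, res, ctx)}")
```

The `carol` case shows the default-deny rule (no policy matches), the `bob` case shows that membership in a second group can only narrow access when that group carries a Deny, and the two `kms:cmk:create` cases show how a condition binds a permission to one project.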

Symbolic representation user group authorization
IAM in the Open Telekom Cloud adds an additional isolation layer called projects. Projects are created at the region level (region-based authorization) and isolate different environments within the same tenant.

The costs of the individual projects are added up at the tenant level, which can also lead to optimized prices (e.g., by jointly reaching higher volume tiers for object storage).

Symbolic representation of project area and user group access
 

Frequently asked questions about IAM

Does IAM manage all access in the Open Telekom cloud landscape?

IAM is an integral part of the cloud landscape and is used to control access to services. However, it controls only the management of products via the management console or the API. For example, IAM does not manage access to the operating system of an ECS instance or the root account of an RDS instance.

What standard IAM permissions are available?

Permissions are described in the Help Center.

How can I create custom IAM policies according to my needs?

This is described in the Help Center. In addition, this blog article gives an overview of the supported actions per service.

New Features

  • Identity and Access Management (IAM) Version 2.6 Release
  • IAM's access permissions for the EVS are now also available in the NL region
  • Identity and Access Management (IAM) Version 2.7 Release

Don't want to miss any updates? Visit our portfolio roadmap and discover new services and updates.