Open Telekom Cloud for business customers

Identity and Access Management (IAM)

The Identity and Access Management (IAM) service provides granular access control for Open Telekom Cloud services. It is an essential service for cloud environments to identify and authorize cloud users.

IAM helps you securely control access to resources by centrally managing user data and authorizations, making it one of the cornerstones for secure working in the cloud.

With IAM, you can define which users are allowed to access which services and resources under which conditions to ensure the least privilege principle.


Reasons for IAM in the Open Telekom Cloud


Security & Compliance

IAM helps you restrict cloud resource access to authorized users and services only. It enables control and monitoring of user access and supports adherence to security policies and compliance regulations.



Cloud environments are dynamic and scalable, which means that the number of users and resources can change quickly. IAM makes it possible to quickly add new users or change access rights to support the scalability and agility of the cloud infrastructure.


Cost optimization

IAM is integrated into the Open Telekom Cloud and is free of charge. The management of user and resource access rights prevents costs, e.g., due to excessive authorizations or underutilization of resources. In addition, companies achieve their compliance and security goals, avoiding high costs for security breaches or non-compliance.

Key features of IAM


Access control

Create IAM users and groups and use policies to grant or deny access to specific services and resources. IAM also provides an additional isolation layer: projects. This layer controls user access to different projects and grants permissions within the same project.



Establish a trust relationship between your existing identity system and the Open Telekom Cloud by creating a SAML-based or OpenID Connect-based identity provider. This way, users in your organization can log in to the Open Telekom Cloud via Single Sign-On (SSO).



Delegate a trusted Open Telekom Cloud account or cloud service to access your resources based on assigned permissions.


Account Security

With IAM, you can configure security settings, including logon authentication policies, password policies, and access control lists.

Structure and function

IAM manages users and permissions for cloud resources in the Open Telekom Cloud. Cloud resources are services or objects, such as the Key Management Service (KMS) or Object Storage Service (OBS), together with the associated actions on those objects, such as creating a key in KMS or deleting a bucket in OBS.

For the management of authorizations, IAM supports three user types:

  • Agency users are users from other Open Telekom Cloud clients who have been granted access to this client.
  • IAM users are users created and managed in the client's IAM system by the administrators. This is the default user type.
  • Federated users are users from third-party IAM systems who can log on to the Open Telekom Cloud via a federation, for example from a federated Active Directory or LDAP.

Symbolic representation of access rights management with IAM

With the IAM service, you can define who is allowed to access what. For each access request, the configured permissions are evaluated, and access is denied by default. Only an explicit "allow" grants access.

Users are assigned to groups which are in turn assigned permissions. Based on the sum of all assigned permission sets / policies, access is evaluated and granted or denied to the users of that user group.


IAM policies include actions, resources, and conditions. You can either use the system default policies or create new custom policies using JSON or the graphical editor. 
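The evaluation described above, as an added example that is not Open Telekom Cloud code: a default-deny check over the union of policies a user inherits through groups. The policy shape, the action and resource names, the equality-only condition matching, and the rule that an explicit deny overrides an allow are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed data: policy shape, action names and resource names are assumptions,
# not copied from the Open Telekom Cloud policy reference.
POLICIES = {
    "kms-operator": [
        {"Effect": "Allow", "Action": ["kms:key:create", "kms:key:list"], "Resource": ["*"]},
    ],
    "obs-viewer": [
        {"Effect": "Allow", "Action": ["obs:bucket:list", "obs:object:get"],
         "Resource": ["bucket/logs-*"]},
    ],
    "obs-admin-mfa": [
        {"Effect": "Allow", "Action": ["obs:*"], "Resource": ["bucket/*"],
         "Condition": {"mfa": True}},
    ],
    "protect-audit": [
        {"Effect": "Deny", "Action": ["obs:bucket:delete"], "Resource": ["bucket/audit-*"]},
    ],
}
GROUP_POLICIES = {"developers": ["kms-operator", "obs-viewer"],
                  "storage-admins": ["obs-admin-mfa", "protect-audit"]}
USER_GROUPS = {"alice": ["developers"], "bob": ["developers", "storage-admins"]}


def _matches(stmt, action, resource, context):
    """A statement applies only if action, resource and every condition match."""
    cond = stmt.get("Condition", {})
    return (any(fnmatchcase(action, p) for p in stmt["Action"])
            and any(fnmatchcase(resource, p) for p in stmt["Resource"])
            and all(context.get(k) == v for k, v in cond.items()))


def is_allowed(user, action, resource, context=None):
    """Default deny: access needs an explicit Allow and no matching Deny."""
    context = context or {}
    allowed = False
    for group in USER_GROUPS.get(user, []):
        for name in GROUP_POLICIES.get(group, []):
            for stmt in POLICIES[name]:
                if not _matches(stmt, action, resource, context):
                    continue
                if stmt["Effect"] == "Deny":
                    return False  # assumption: explicit deny overrides any allow
                allowed = True
    return allowed
```
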

Access can be set up through the Management Console or the API.

Symbolic representation of user group authorization




IAM in the Open Telekom Cloud adds an additional isolation layer called projects. Projects can be set up at the region level (region-based authorization) and isolate different environments within the same tenant.

The costs of the individual projects are added up at the tenant level, which can also result in optimized prices (e.g., by jointly achieving higher scales for object storage).

Symbolic representation of project area and user group access

Frequently asked questions about IAM

Does IAM manage all access in the Open Telekom cloud landscape?

What standard IAM permissions are available?

How can I create custom IAM policies according to my needs?


Do you have any questions?

Are you interested in IAM or do you have any questions regarding IAM? I will be happy to answer your questions in a free consultation!

T-Systems International GmbH
Tino Fehnle


New Features

Cloud Backup & Recovery (CBR) supports IAM policies in EU-NL
SFS Turbo supports IAM fine-grained policies
OBS supports IAM granular access permissions in NL
Coming soon: Q2/2023 - IAM upgrade to version 2.6
