Cloud Identity & Access Management (Cloud IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups, and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.
Leverage Cloud Identity, Google Cloud’s built-in managed identity to easily create or sync user accounts across applications and projects. Cloud Identity makes it easy to provision and manage users and groups, set up single sign-on, and configure multi-factor authentication directly from the Google Admin Console. With Cloud Identity you get access to the GCP Organization, which enables you to centrally manage projects via the Cloud Resource Manager.
Cloud IAM provides the right tools to manage resource permissions with minimum fuss and high automation. Map job functions within your company to groups and roles. Users get access only to what they need to get the job done, and admins can easily grant default permissions to entire groups of users.
Cloud IAM enables you to grant access to cloud resources at fine-grained levels, well beyond project-level access.
Create more granular access control policies to resources based on attributes like device security status, IP address, resource type, and date/time. These policies help ensure that the appropriate security controls are in place when granting access to cloud resources.
A full audit trail history of permissions authorization, removal, and delegation gets surfaced automatically for your admins. Cloud IAM lets you focus on business policies around your resources and makes compliance easy.
Control resource permissions using a variety of options: graphically from the Cloud Platform console, programmatically via Cloud IAM methods, or using the gcloud command line interface.
references:
https://cloud.google.com/iam/
No comments:
Post a Comment