Overview
The Identity Management feature under the Governance and Security module lets Administrators discover and manage:
Cloud provider Users
User groups
Identity providers
Roles
IAM management policies
Tenant Administrators can visualize and control access to cloud resources by performing:
User and User Groups mapping visualization
Access policy remediation
IAM Discovery & Access Management Mapping
Identity management and visualization are core Governance and Security goals for every enterprise. The CMP portal lets enterprises visualize their cloud identities and remediate deficiencies in how their identity policies are enforced.
Note
This feature is available only for Amazon Web Services (AWS) and Microsoft Azure Cloud Service Providers.
To access the identities of a Cloud Service Provider account:
Log in to your CMP account.
Navigate to Governance & Security > Identity > Users.
Detailed identity information for the cloud account is shown in these tabs:
Users
User Groups
Roles
Policies
Each tab also lets you create a new user, user group, role, or policy respectively. A recent enhancement to the Governance and Security module's Identity Management adds Azure IAM auto-discovery and Azure Access Management policies, Users and User Groups mapping visualization, and access policy remediation.
Users and User Groups
The Users and User Groups tabs list all the users and groups under a Cloud Service Provider account. If you have enabled continuous monitoring on your Amazon Web Services (AWS) or Microsoft Azure account, the list is updated automatically as the cloud account changes. Clicking any of the users listed under the Users tab opens a User dialog, which shows the User Details, the Connected User Groups, and the Policies attached to that User.
You can reposition and click the elements of the map in the dialog for a detailed view of the Policies or User Groups associated with a User. Remember that a policy attached to one of the user's groups applies to the user as well, so the map is the place to check what a user can actually do. You can remove a User from a User Group or detach a Policy via the User Groups and Policies tabs respectively; these changes are applied to the cloud account.
Identity Provider
The Identity Provider tab applies to Amazon Web Services (AWS) accounts only. It lets you manage user identities that are held outside your AWS account (in an external identity provider) and grant those identities permission to use your AWS resources.
Roles
The Roles tab lists the roles that are set up on your cloud account.
Clicking any of the roles listed under the Roles tab opens a Role dialog, which shows the Role Details and Inline Policies.
You can edit the role's Trust Policy Document as JSON directly from the Role dialog. The change is written to your cloud account as well, so it takes effect immediately: a trust policy that names a wildcard principal, or a cross-account principal without a condition, lets those identities assume the role as soon as you save. Review the document before saving. The Inline Policies tab shows the role's trust policies in a tabular JSON view.
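Because a trust-policy edit saved from the Role dialog is applied to the cloud account at once, it is worth running a few checks on the JSON before saving. The following is an added example, not CMP code: a small linter for an AWS role trust policy that flags a wildcard principal, a cross-account principal with no sts:ExternalId condition, and an over-broad sts:* action. The two policy documents and the account IDs in it are constructed placeholders, and the check list is the author's choice, not the portal's.

```python
import json

OWN_ACCOUNT = "111111111111"  # placeholder account ID (assumption, not a real account)

# Constructed trust policies: a weak document as it might be typed into the Role
# dialog, and the corrected form. Account IDs and the ExternalId are placeholders.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": "sts:*"},
    ],
})

FIXED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
    ],
})


def _as_list(value):
    """IAM allows a scalar wherever it allows a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten the Principal element into (type, value) pairs; a bare "*" becomes ("*", "*")."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return [("*", "*")]
    return [(ptype, v) for ptype, vals in principal.items() for v in _as_list(vals)]


def _account_of(arn):
    """Account ID field of an ARN, or None for values that are not ARNs (e.g. "*")."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else None


def lint_trust_policy(doc, own_account=OWN_ACCOUNT):
    """Return (statement_index, message) findings for a trust policy (dict or JSON string)."""
    if isinstance(doc, str):
        doc = json.loads(doc)
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        # Only statements that grant some form of AssumeRole matter for trust.
        if not any(a == "sts:*" or a.startswith("sts:assumerole") for a in actions):
            continue
        if "sts:*" in actions:
            findings.append((i, "Action sts:* is broader than the AssumeRole action the trust needs"))
        cond_keys = {k.lower() for block in stmt.get("Condition", {}).values() for k in block}
        for ptype, pval in _principals(stmt):
            if pval == "*":
                findings.append((i, "wildcard principal: any AWS identity can assume this role"))
            elif (ptype == "AWS" and _account_of(pval) not in (None, own_account)
                  and "sts:externalid" not in cond_keys):
                findings.append((i, f"cross-account principal {pval} without an sts:ExternalId condition"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST_POLICY), ("fixed", FIXED_TRUST_POLICY)):
        print(name, lint_trust_policy(policy) or "no findings")
```

The linter deliberately ignores Service and Federated principals; a SAML or OIDC trust needs its own audience checks, which this example does not attempt.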
Policies
The Policies tab lists the policies within your cloud account. Clicking any of the policies listed under the Policies tab opens a Policy dialog.
You can view the following Policy information under these tabs:
Policy Versions: lists all versions of the policy that exist in your cloud account and marks the default version, which is the one currently in force.
Attached Users: lists all active users that the policy is attached to directly.
Attached Groups and Attached Roles: list the active Groups and Roles the policy is attached to. A user who belongs to an attached group receives the policy through that group even though the user does not appear under Attached Users.
You can reposition and click the elements of the map in the dialog for a detailed view of the Attached Users, Attached Groups, Attached Roles, and Policy Versions associated with a Policy.
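The map shown in the User dialog (user to groups to policies) and the one shown in the Policy dialog (policy to attached users, groups and roles) are two views of the same mapping. The following is an added example, not CMP code, that builds both views from a discovery snapshot and then applies the remediation the Users tab offers, removing a user from a group, to show how the user's effective policies change. The snapshot is constructed by hand and its field names follow the shape of AWS IAM's GetAccountAuthorizationDetails output, which is an assumption about the data source; in a live account the remediation step would be the iam:RemoveUserFromGroup call rather than an edit to a local dictionary.

```python
import copy
from collections import defaultdict

# Constructed discovery snapshot (not real account data). Field names mirror
# GetAccountAuthorizationDetails; the users, groups and the custom policy ARN are invented.
SNAPSHOT = {
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["admins", "developers"],
         "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
        {"UserName": "bob", "GroupList": ["developers"],
         "AttachedManagedPolicies": []},
        {"UserName": "svc-ci", "GroupList": [],
         "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::123456789012:policy/ci-deploy"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "admins",
         "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
        {"GroupName": "developers",
         "AttachedManagedPolicies": [{"PolicyArn": "arn:aws:iam::aws:policy/PowerUserAccess"}]},
    ],
}


def build_access_map(snapshot):
    """User view: {user: {policy_arn: set(paths)}}, path being 'direct' or 'group:<name>'.

    Policies inherited through a group are included, which is what makes the map
    more useful than the Attached Users list of a single policy.
    """
    group_policies = {
        g["GroupName"]: [p["PolicyArn"] for p in g.get("AttachedManagedPolicies", [])]
        for g in snapshot["GroupDetailList"]
    }
    access = {}
    for user in snapshot["UserDetailList"]:
        paths = defaultdict(set)
        for p in user.get("AttachedManagedPolicies", []):
            paths[p["PolicyArn"]].add("direct")
        for group in user.get("GroupList", []):
            for arn in group_policies.get(group, []):
                paths[arn].add(f"group:{group}")
        access[user["UserName"]] = dict(paths)
    return access


def policy_view(access):
    """Policy view: {policy_arn: {user: set(paths)}}, the inverse of build_access_map."""
    view = defaultdict(dict)
    for user, policies in access.items():
        for arn, paths in policies.items():
            view[arn][user] = set(paths)
    return dict(view)


def users_with_policy(access, policy_arn):
    """Every user who holds the policy, directly or through a group, sorted by name."""
    return sorted(user for user, policies in access.items() if policy_arn in policies)


def remove_user_from_group(snapshot, user_name, group_name):
    """Remediation step: drop the membership and rebuild the map.

    Works on a deep copy so the original snapshot is untouched; a live tool would
    issue iam:RemoveUserFromGroup and then re-run discovery.
    """
    updated = copy.deepcopy(snapshot)
    for user in updated["UserDetailList"]:
        if user["UserName"] == user_name:
            user["GroupList"] = [g for g in user.get("GroupList", []) if g != group_name]
    return build_access_map(updated)


if __name__ == "__main__":
    before = build_access_map(SNAPSHOT)
    admin = "arn:aws:iam::aws:policy/AdministratorAccess"
    print("admins before:", users_with_policy(before, admin))
    after = remove_user_from_group(SNAPSHOT, "alice", "admins")
    print("admins after: ", users_with_policy(after, admin))
```

The path sets are what a remediation decision needs: a policy that reaches a user only through a group is removed by leaving the group, while a direct attachment has to be detached on the user itself.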