Set the Login Password

Use the username + password set to log in; (recommended)

1. In the "List of IAM user Management", click "Settings" for the user column with no password, and the pop-up "Set the Password" appears. Upon the successful setting, the user can log in via the "Username" and "Password".

2. You can check the option that "The user is required to reset the password the next time he logs in", and then the system will ask the IAM user to reset the password the next time he logs in.
3. Also, you can select to "Bind the Intranet Account", and select "Baidu Account"; then, the IAM user logs in with Baidu account and the password of the account when he logs in.

Two Factor Authentication of IAM User

The Two Factor Authentication is a safe and effective security authentication method. It can provide another layer of protection in addition to the username and the password. Currently, the Two Factor Authentication can provide login and operation protection.

Login protection: If the IAM user enables the login protection, he cannot log in successfully until he verifies the identity by SMS or MFA when he logs in the account.

Operate protection: After the operate protection is enabled, the identity authentication needs completing at first before the user performs any sensitive operations to ensure that the operation is made by the user himself.

Enable the Two Factor Authentication

1. Select the member account from the user list on the tab "User Management", click the username or "Management" to enter the detail page of the user.

2. Click "Edit" button at the column of "Two Factor Authentication", and select the protection mode to be enabled after the login and operation protection. The SMS and MFA authentication are optional. Please refer to The Administrator Enables the Two Factor Authentication for the IAM user for detailed information about MFA of the IAM user.

3. The root account enables the login protection for the IAM user, who needs to perform SMS secondary verification or MFA verification when the IAM user logs in.

4. The root account enables the operation protection for the IAM user, who needs to perform SMS secondary verification or MFA verification when the IAM user conducts sensitive operations.

Note:

1. If the root account enables the login protection, but the IAM user has not bound the phone number yet, the system automatically jumps to the page on which the phone number is bound when the IAM user logs in the console the next time for the operation to bind the phone.
2. If the root account enables the operation protection and the IAM user binds the phone number, the system sends a message to the IAM user for verification when the account exception is detected or the sensitive operations are performed.
3. If the root account disables the operation protection of the IAM user, no message is sent to the IAM user in case of account exception detected or sensitive operations performed.

Create the IAM User ak

1. The AccessKey (AK) shall be created for the IAM user that has been created if the IAM user needs to call the cloud service API programmatically.
2. Manage AccessKey: You can delete the new AccessKey according to the actual situation.

You are recommended to replace AK periodically for your application to avoid the risk of AK leakage.