          Identity and Access Management

          Release Notes

          Release Date Feature Overview
          2019-12
          • Identity and access management, organization, information center internationalization.
          • For certificate management, add the ability to query the details of a certificate via the certificate name and certificate status interface.
          • For organization: Account-level Joint Authentication (SSO) (https://cloud.baidu.com/doc/Reference/s/pk4wn0vx2). You can configure joint authentication between your enterprise directory and the member accounts of the organization based on the SAML 2.0 protocol.
          • Custom Policy restricted conditions: object storage BOS newly supports secureTransport. You can use the secureTransport field to require that IAM users or services use HTTPS to access BOS resources.
          • For security setting, add Access Key Leakage Monitoring and Alarming. When IP whitelist access is enabled, you can turn on the AK leakage monitoring and warning switch; for non-IP whitelist access, a warning may be given via the event monitoring service of cloud monitoring after certain conditions are met.
          • New access label authorization services: Live streaming service LSS.
          • New access root/IAM user services: Cloud intelligent advisor ABC Advisor.
          2019-11
          • Organization Control Policy SCP supports configuring multiple services with one policy. Previously, you could configure only one SCP for each service.
          • Baidu AI Cloud accounts now have a self-help Account Cancellation feature. You can initiate the cancellation of your cloud account through the Baidu AI Cloud app. Previously, you could cancel your cloud service only by directly canceling your Baidu passport.
          • External account access supports IAM Role Combination and IAM Role Combination: single sign-on (SSO) to Baidu AI Cloud is performed as a customized IAM role and as an IAM user respectively. Previously, you could log in to Baidu AI Cloud through SSO only as a system administrator.
          • Custom Policy restricted conditions: object storage BOS newly supports sourceVpc. You can restrict access to the files stored in a BOS bucket by the vpc field.
          • For security setting, add Password Policy. In the settings you can configure detailed password policies for IAM users, including the password service, password validity period, password expiration policy, historical password check and wrong password attempts. Previously, you could set only the validity period of the password for the IAM user.
          • New access label authorization services: Private network VPC, object storage BOS.
          • New access root/IAM user services: Security computing node BEC.
          2019-10
          • The password protection information of the cloud account shall be kept consistent with the login ID (Baidu passport, promotion account). For accounts whose information differs, you can choose to synchronize it immediately in the User Center, or synchronize it directly by modifying the password protection information of the login account.
          • The certificate management supports the hosted client CA certificate.
          • New access label authorization services: Load balance BLB.
          • New access root user services: Security computing node BEC.
          2019-09
          • The default session time of the console in the security setting is adjusted from 30 minutes to 1 hour, and the experience of setting the session time is optimized.
          • Custom Policy supports restricted conditions. Currently, you can add restricted conditions on access time to each Custom Policy you define.
          • Business Organ releases its first OpenAPI. You can use OpenAPI to create and manage member accounts of the enterprise organization, organization units, etc.
          • New access label authorization services: Physical server BBC.
          • New access root services: Security detection SRD.
          2019-08
          • Add a new Signature Checking Tool that provides the intermediate results of the different signing stages to help troubleshoot signature problems, and provide the authorized SDK packages.
          • The new MFA feature allows you to configure two MFA authentication methods at the same time for your own account or, as administrator, for an IAM user. As long as authentication succeeds through either channel, you pass the two-factor identity authentication, which improves convenience while keeping access secure. Previously, when you enabled MFA, you could select only short messages or virtual MFA.
          • The certificate management provides OpenAPI for querying, updating and deleting certificates. The newly released certificate management OpenAPI lets you update the contents of certificates that are no longer in use without changing the certificate ID, so that the certificate can be updated and remain in continuous use. With the certificate deletion API, you can batch-delete expired certificates that are not in use.
          • Custom Policy specific resource option optimization. Adjust the display fields of the specific resource list under Custom Policy > generate according to policy generator: a maximum of 3 columns are displayed in the optional box and only one column in the selected box, to ensure that the list fields can display enough information.
          • Services connected to the label service can display the list and number of selected instances by region. Previously, you could view the list of authorized instances only by the overall number of service instances.
          • Label authorization newly supports elastic public network EIP, cloud database RDS, cloud database SCS and other services.
          • Optimize the performance of accessing the list of IAM users and the list of member accounts.
          2019-07
          • The Custom Policy features have been enhanced. A Custom Policy generated by the policy generator now supports the following new features:
            • A policy can be configured for multiple services simultaneously, and supports instance authorization for multiple regions at the same time
            • Deny permissions now take effect, and deny always takes precedence over allow
            • Distinguish all resources from specific resources; use all resources to support create/add and other operations whose permissions are not tied to a resource instance
          • The IP whitelist feature can now restrict OpenAPI calls for some services, so that only permitted IP addresses can programmatically access your cloud resources. This prevents enterprise data from being compromised and meets the robust security needs of the enterprise.
          • Organization units can be applied to scenarios such as the organizational hierarchy within an enterprise, the agent and customer hierarchy in agent mode, account grouping, and uniform restriction management of permissions. The revision mainly improves the following features:
            • Split the logical relationship between the organization unit and the account, highlight the container characteristics of the organization unit
            • Visualize the operational logics of the organizational unit and the SCP policy in the account
            • Upgrade the interaction experience of the users
          • When the system policy of a specific service is granted to IAM users, groups and roles, its associated services can be authorized at the same time. The source services currently supported include BCC, DCC, RDS, SCS, BLB, NAT gateway, VPN gateway, peer to peer connection, special line gateway and BMR, etc.; the associated permissions are VPC, subnet and security group, etc.
          • Authorized objects (IAM users, groups and roles) now support batch authorization and removal of customized policies, increasing the efficiency and convenience of your authorization operations.
          • Label authorization newly supports Baidu AI Cloud Compute (BCC), physical server DCC, cloud disk CDS and other services.
          2019-06 You can manage users and groups and grant permissions via the provided REST API interface.
          2019-04 Add the new Role Management feature. An IAM role (hereafter referred to as role) is a virtual identity that, like a user identity, can be associated with permissions to operate on resources, but it has no defined identity authentication key and must be assumed by a trusted entity user to be used. You can use a role as a bridge to provide access permission to the users, applications or services that need to access your cloud account resources.
          2019-03 Support Set the Session Expiration Time for Log-in. Log-in session expiration means that if no operation is made within the valid time after the user logs in, the user is required to log in again to ensure the security of the account.
          2018-11 Cloud Trail is newly added to the product DCC/RDS/DTS/DNS/EIP/TAG/SCS/BES/BCH/EIPBP/SMS/BTS.
          2018-09 View the access records of all users (root/IAM users) in Operation Record in IAM. Operation records of your resource instances are used for security analysis, resource change and compliance audit.
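
The 2019-07 rule that deny always takes precedence over allow, combined with the secureTransport (2019-12) and sourceVpc (2019-11) conditions, shown as an added example that is not Baidu AI Cloud code. The statement layout, service and action names, condition-matching semantics and the implicit-deny fallback are assumptions; only the two condition names come from this page.

```python
# Added illustration: a simplified policy model, NOT Baidu AI Cloud's policy schema.
# Only the condition names secureTransport and sourceVpc come from the release notes.

def condition_holds(cond, request):
    """Return True when every condition key in a statement matches the request."""
    for key, expected in cond.items():
        if key == "secureTransport":
            # Assumed semantics: compare with whether the request used HTTPS.
            if (request["scheme"] == "https") != expected:
                return False
        elif key == "sourceVpc":
            # Assumed semantics: the request must come from one of the listed VPCs.
            if request.get("vpc") not in expected:
                return False
        else:
            # Reject the policy instead of silently ignoring a condition.
            raise ValueError(f"unsupported condition key: {key}")
    return True

def evaluate(statements, request):
    """Explicit Deny beats any Allow; no matching Allow means implicit deny (assumed)."""
    decision = "implicit_deny"
    for stmt in statements:
        if (request["service"] in stmt["services"]
                and request["action"] in stmt["actions"]
                and condition_holds(stmt.get("condition", {}), request)):
            if stmt["effect"] == "Deny":
                return "explicit_deny"
            decision = "allow"
    return decision

# Constructed sample policy: one policy spanning two services.
POLICY = [
    {"effect": "Allow", "services": ["bos"], "actions": ["read", "write"],
     "condition": {"sourceVpc": ["vpc-constructed-1"]}},
    {"effect": "Allow", "services": ["bcc"], "actions": ["read"]},
    {"effect": "Deny", "services": ["bos"], "actions": ["read", "write"],
     "condition": {"secureTransport": False}},
]

def make_request(service, action, scheme, vpc=None):
    return {"service": service, "action": action, "scheme": scheme, "vpc": vpc}

if __name__ == "__main__":
    for r in (make_request("bos", "read", "https", "vpc-constructed-1"),
              make_request("bos", "read", "http", "vpc-constructed-1"),
              make_request("bos", "read", "https", "vpc-other"),
              make_request("bcc", "read", "http")):
        print(r, "->", evaluate(POLICY, r))
```

Separating explicit from implicit deny in the result makes it clear during review whether a request was blocked by a Deny statement or simply lacked a matching Allow.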