Function Release Records

Updated at：2025-10-27

Release time	Function overview
2025-02	IAM role-based SSO: Support multi-role federated login IAM role-based SSO: Support modifying bound mobile phone numbers for roles in the user center
2025-01	Security certification: Added API Key certification mechanism, supporting new certification capabilities for Qianfan ModelBuilder, Qianfan AppBuilder, and AI Open Platform
2024-08	Permission policy: API granular permissions support resource selectio Account management: A single mobile phone number is limited to activating 10 accounts Experience optimization: User center upgraded with new visual effects
2024-07	Experience optimization: SAML auxiliary domain name available to support "-” Experience optimization: Improved prompt information on the IAM User Login page
2024-06	Permission policy: Support API-granular permissions (operation-level permissions) OpenAPI & SDK: Provide the Go SDK for certification management Experience optimization: IAM user details page available to support virtual MFA unbinding
2024-05	Permission policy: Support API-granular permissions (operation-level permissions) Experience optimization: Comprehensive style upgrade for IAM User Login page Experience optimization: IAM User Login page available to automatically detect SSO, defaulting to enterprise account login
2024-04	Permission policy: System policies support viewing reference records Configuration: Default login session validity period changed to 24 hours Experience optimization: Comprehensive style upgrade for root account login page Experience optimization: Account cancellation, avatars, and navigation upgraded to the latest visual effects
2024-03	Enterprise organization: Added constraints for verified sub-account exiting the organization Certificate management: Sub-user AK available to support Open API calls OpenAPI: Certificate details API now available to support fingerprint query Experience optimization: Role switching page upgrade with new visual effects
2024-02	Account management: Support logging into Baidu accounts using third-party accounts (WeChat/QQ/Weibo) Settings: Optimized IP allow list configuration experience OpenAPI: Added IAM role federated SSO OpenAPI Experience optimization: Security certification upgrade with new visual effects Experience optimization: Mobile web login experience upgraded with prominent Baidu App one-click login
2024-01	Role management: The role list supports searching by role name or description Role management: Support unbinding BCC instance roles
2023-11	Configuration: Default login session validity period changed to 3 hours
2023-09	Permission policy: The IAM Service natively supports custom permission policies
2023-08	Permission policy: Added CCR tag-based authorization SSO: Baidu Mini Program authorization now enables SSO to Baidu AI Cloud
2023-06	Account management: Experience upgraded with "Last login" marker Enterprise organization: Support sub-accounts exiting the financial circle
2023-04	Enterprise organization: Rapid creation of sub-accounts supports direct password setting and quick completion of real-name certification Account management: Merged cloud account registration and activation processes Account management: Upgraded mobile web login page style Permission policy: Refined billing permissions with newly added order creation permission
2023-03	Security certification: AK prefix added: ALTAK. to enhance security Account management: Baidu Billing now supports SMS verification code login
2022-09	Newly integrated primary-IAM user service: Cloud smart network CSN Newly integrated primary-IAM user service: RESOLVER
2022-07	Newly added primary-IAM user service: Smart network access service SMART_WAN
2022-06	Newly integrated primary-IAM user service: Cloud firewall (CFW) Newly added primary-IAM user service: Lightweight application server LS
2022-02	New primary-IAM user service integration: Cloud-native Database GaiaDB-S
2021-12	Newly added primary-IAM user service: Springer security and privacy compliance platform SPRINGER
2021-06	Newly added primary-IAM user service: API gateway
2021-01	Newly added primary-IAM user service integration: Database audit DBAudit
2020-12	Newly added primary-IAM user service: Edge computing BEC
2020-11	Newly integrated primary-IAM user service: Data transmission service DTS
2020-07	Added IAM java sdk
2019-12	Identity and access management, enterprise organization, and message center internationalization. Certificate management: Support querying certificate details and status APIs by certificate name. Enterprise organization: Added Account-level federated authentication (SSO). Configure SAML 2.0-based federated certification between enterprise directories and organizational sub-accounts. Custom policy restraints: Added BOS secureTransport support. Users can use the secureTransport field to require IAM users or services to access BOS resources via HTTPS. Security settings now include AccessKey leakage probe and alert. With IP allow list access enabled, users can activate the AK leakage probe and alert switch. For accesses beyond the IP allow list, alerts can be triggered through Baidu Cloud Monitor's event monitor service when certain conditions are satisfied. Newly added tag permission service: Live audio and video streaming LSS. Newly integrated primary-IAM user service: Cloud intelligent advisor ABC Advisor.
2019-11	Enterprise organization service control policy SCP supports configuring multiple services in a single policy. Previously, users could only configure one SCP per service. Baidu AI Cloud accounts enable self-service account cancellation functions. Users can initiate the cancellation of your cloud account through the Baidu AI Cloud App. Prior to this, the only way to cancel the cloud service was by directly canceling the Baidu account. External account access supportsIAM role-based SSO and IAM User Federation, thereby enabling single sign-on (SSO) to Baidu AI Cloud as custom IAM roles or IAM sub-users. Previously, SSO was only possible by a system administrator. Custom policy restraints: Added BOS sourceVpc support. Users can restrict permission to access files stored in BOS buckets through the VPC field. Security settings now include password policies. Users can now configure detailed password policies in settings including password strength, validity period, expiration policy, historical password check, and incorrect attempt limits. Previously, users could only set the password validity period for IAM users. Newly added tag authorization services: virtual private cloud (VPC), Baidu Object Storage (BOS). Newly integrated primary-IAM user service: Secure compute node BEC.
2019-10	The cloud account security information must match the login account (Baidu account, promotion account). For previously inconsistent accounts, synchronize immediately via user center or by modifying login account security settings. Certificate management supports hosting client CA certificates. Newly added tag authorization service: Baidu Load Balancer (BLB). Newly integrated primary-IAM user service: Secure compute node BEC.
2019-09	In the security settings, the default console session duration has been adjusted from 30 minutes to 1 hour, with optimized session duration configuration experience. Custom policies support constraints. Currently, users can add access time constraints to each defined custom policy. The first phase of OpenAPI has been released for Enterprise organization. Users can leverage OpenAPI to create enterprise organizations, manage sub-accounts, manage organization units, etc. Newly integrated tag authorization service: Baidu Baremetal Server (BBC). Newly integrated primary-IAM user service: Security Risk Detection (SRD).
2019-08	The newly added Signature Troubleshooting Tool provides intermediate results at different stages to help quickly troubleshoot signature issues, along with an SDK package for certification The new MFA feature allows the user (or an administrator) to configure two MFA verification methods for the own account or IAM Users. Authentication succeeds if either method is verified, thereby ensuring secure access while improving user convenience. Previously, when enabling MFA, users could only choose SMS or virtual MFA methods Certificate management enables OpenAPIs for querying, updating, and deleting certificates. New certificate management OpenAPI enables updating deprecated certificate contents without changing certificate IDs, thereby ensuring continuity. By using the delete certificate API, users can delete expired and inactive certificates in batch Custom policy specific resource option optimization. Adjusted the display fields of Custom Policy - Generate by Policy Generator - Specific Resource Lists. The selection pool shows up to 3 columns while selected items show only 1 column to ensure sufficient information display Services integrated with tag authorization support displaying selected instance inventory and count by region. Previously, users could only view authorized instance lists through the total number of service instances Tag authorization service has newly integrated EIP, cloud database RDS, cloud database SCS, etc. Optimized performance for retrieving IAM user lists and sub-account lists
2019-07	Enhanced custom policy features: Policy generator now supports the following new functions A single policy can be configured for multiple services and supports instance authorization across multiple regions Enabled deny permission precedence: Deny permissions always take priority over allow permissions Distinguish between all resources and specific resources - use "all resources" to support instance-free operations such as creation/addition The IP allow list feature now restricts OpenAPI calls for certain services, ensuring only authorized IPs can programmatically access your cloud resources, preventing data leaks and meeting enterprise security requirements Organization units can be applied to enterprise architecture hierarchies, agent-customer models under distributor scenarios, unified group management of accounts, and permission restrictions. The current update primarily enhances the following features: Separated the logical relationship between organizational units and accounts, highlighting the container nature of organizational units Visualization of organizational units and the operational logic of SCP policies within accounts Upgraded user interaction experience When authorizing system policies for specific services to IAM users, groups, or roles, associated services can also be authorized. It currently supports primary services include BCC, DCC, RDS, SCS, BLB, NAT gateway, VPN gateway, peering connection, direct connect gateway, BMR, etc. with associated permissions covering VPC, subnet, security group, etc. Authorized objects—IAM users, groups, roles—now support batch authorization and removal of custom policies to improve operational efficiency Tag authorization service now supports cloud server BCC, physical server DCC, cloud disk CDS, and other services
2019-06	Users can manage users, groups, and permissions through the provided REST API
2019-04	Added role management function. IAM roles (hereinafter uniformly referred to as roles) refer to virtual identities that, like user identities, can be associated with permissions to operate resources. However, they bear no definitive identity certification key and must be assumed by a trusted entity user for proper use. Users can leverage roles as a bridge to grant access permissions to users, applications, or services requiring access to the cloud account resources
2019-03	Support configuring login session expiration. A login session expires when a user remains inactive after logging in within the validity period. To ensure account security, the user is required to log in again
2018-11	Cloud Trail has integrated the following products: DCC/RDS/DTS/DNS/EIP/TAG/SCS/BES/BCH/EIPBP/SMS/BTS.
2018-09	View all user (primary/IAM User) access logs and resource instance operations in IAM's Operation Inventory for security analysis, resource changes, and compliance audits

FAQs

Operation guide

IAM IAM

IAM IAM

Function Release Records