NavigationContentFooter
Jump toSuggest an edit

How to manage IAM users

Reviewed on 26 June 2024Published on 20 June 2022

You can manage IAM users of an Organization if you are the Owner of that Organization, or if you have sufficient permissions (via policies) to do so. Management actions include adding and removing users to/from groups, attaching and detaching policies to/from users, viewing and deleting users’ API keys and removing users from the Organization.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

How to access the user overview

  1. Click Identity and Access Management (IAM) from the top-right of your Organization Dashboard in the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.
  2. Click the name of the user you want to manage. Alternatively, click «See more Icon» next to the user, and select Overview. Either way, you are taken to the user’s Overview tab. Follow the steps below depending on the management action you wish to take.

How to view user information

From the user’s Overview tab, you can view information including the user’s status, type (Guest or Owner), joined on date and whether they have MFA enabled in the User Information panel at the top of the page.

On this page you can also find an extensive list of the user’s permission sets, the name of their associated policies and the scope they apply to.

How to manage a user’s groups

From the user’s Overview tab, scroll down to the Groups panel. A list of the groups the user is part of displays:

Remove a user from a group

  1. Click the x button next to the group you want to remove the user from. A pop-up displays asking you to confirm the action.
  2. Click Remove from group to confirm.
    Important

    Removing a user from a group means that any permissions given to them via the group (i.e. from an attached policy) will no longer apply. Be sure you want to remove these permissions from the user before proceeding.

Add a user to another group

A user may be part of multiple groups at the same time.

  1. Click Add to group to add the user to a group. A pop-up displays, prompting you to select a group.
  2. Select the group you want to add the user to from the drop-down list, or type the name of the group.
  3. Click Validate to finish. The user is added to the selected group, and you are returned to the Overview tab.
Tip

Learn how to create a new IAM group.

How to manage a user’s policies

From the user’s Overview tab, scroll down to the Policies panel. A list of policies attached to the user displays:

Detach a policy from a user

  1. Click the x button next to the policy you want to detach from the user. A pop-up displays asking you to confirm the action.
  2. Click Detach policy to confirm.
    Important

    Since policies can only be attached to one principal at a time, detaching a policy from the user means that the policy becomes orphaned. The policy will remain in your list of policies, but will have no effect until you attach it to another principal.

Attach another policy to a user

A user may be attached to multiple policies.

  1. Click Attach a policy to attach another policy to the user. A pop-up displays, prompting you to select a policy.
  2. Select the policy you want to attach to the user from the drop-down list, or type the name of the policy.
  3. Click Validate to finish. The selected policy is attached to the user, and you are returned to the Overview tab.
Tip

To create a new policy, see our dedicated how to.

How to view and delete user API keys

  1. From the user’s Overview tab, click the Credentials tab. You can view details of the user’s API keys.
    Note

    You cannot see the secret key part of any API keys, nor can you create an API key for any IAM user other than yourself.

    If you want to delete a user’s API key, proceed to the following steps:
  2. Click «See more Icon» next to the API key you wish to delete, and select Delete. A warning displays, reminding you that this action is permanent.
  3. Type DELETE and click Submit to confirm the action.

How to remove a user from the Organization

Note

To remove any users other than yourself, you must either be the Owner of the Organization, or have IAMManager permissions. The exception to this is that you can always remove yourself as an IAM user from an Organization in which you are a Guest, anytime. This equates to leaving the Organization. You cannot leave an Organization that you own.

  1. From the user’s Overview tab, scroll down to the Remove user panel:
  2. Click Remove user. A warning displays, asking you to confirm your action:
  3. Type REMOVE to confirm, and click Remove user to validate.
See also
How to accept an invitation to an OrganizationHow to create an application
Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway