
IAM - Quickstart

Reviewed on 19 June 2023 - Published on 10 June 2022

Identity and Access Management (IAM) allows you to share access to the management of your Scaleway resources and Organization settings, in a controlled and secure manner. With IAM, you can invite other users to your Organization, as well as create IAM applications which represent non-human users with their own API keys. You define permissions for users and applications in your Organization via highly customizable policies. Policies let you specify exactly what rights users and applications (or groups of users and applications) should have within your Organization.

Read our dedicated page for a general overview of IAM and how it works.

Requirements:

How to invite a user to your Organization

Invite other users to give them access to your Organization. You can define their exact level of access later by creating a policy for them.

  1. Click Identity and Access Management (IAM) from the top-right of your Organization Dashboard in the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.
  2. Click the «Plus Icon» button to add a user. The following screen displays:
  3. Enter the email address of the person you want to invite. If you want to invite more than one user, enter multiple email addresses separated by commas. Optionally, you can also select a group to add the user to.
  4. Click Invite to send the invitation. The user receives an email inviting them to accept your invitation. If they do not already have a Scaleway account, they will be prompted to create one first.
  5. The user appears in the list of your Organization’s users once they have accepted the invitation.

How to create an application

IAM applications are non-human users in an Organization, enabling you to give programmatic access to resources.

  1. Click Identity and Access Management (IAM) from the top-right of your Organization Dashboard in the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.
  2. Click the Applications tab. A list of the Organization’s existing IAM applications displays.
  3. Click the «Plus Icon» button to create a new IAM application. The application creation wizard displays.
  4. Complete the steps of the creation wizard:
    • Enter a name for the application, or use the auto-generated name suggested for you
    • Enter a description (optional)
    • Attach an existing policy to the application (optional)
    Note:

    You can choose not to attach a policy to the application at this stage. Unless your application is a part of a group, be aware that until you attach a policy to the application, it will have no permissions in your Organization.

  5. Click Create application to finish.

How to give permissions to users and applications via policies

Users you have invited to your Organization, and applications you have created, have no rights or permissions until you attach policies to them, as described below.

  1. Click Identity and Access Management (IAM) from the top-right of your Organization Dashboard in the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.

  2. Click the Policies tab. A list of the Organization’s existing policies displays.

  3. Click the «Plus Icon» button to create a new IAM policy. The policy creation wizard displays.

  4. Complete the steps on the first page of the creation wizard:

    • Enter a name for the policy.
    • Enter a description (optional).
    • Select a principal, which will be the target of your policy. The principal should be the user, application or group to whom you want to grant specific permissions through this policy.
    Important:

    You can choose to create a policy without a principal for now, and attach the principal later. Be aware that the policy will have no effect until a principal is attached. A policy can only be attached to one principal at a time.

  5. Click Add rules to progress to the next part of the policy creation wizard.

    Tip:

    Rules define the actions that the attached principal will be able to carry out within the Organization. When creating a rule, you first set the scope of the rule, and then select the permission sets to apply within the scope. See our dedicated documentation for more help with policies, rules, scopes and permission sets.

  6. Select a scope for the rule:

    • To give the principal permissions to view, create, edit and/or delete resources, select the Access to resources scope. Then, select the Project in which you want the permissions to apply. You can select from all current and future Projects, all current Projects or select specific Projects.
    • To give the principal permissions to Organization-level features such as IAM, billing, support & abuse tickets and project management, select the Access to Organization features scope.
  7. Click Validate to continue.

  8. Choose the permission sets for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in step 6. See our dedicated documentation for more help with permission sets.

  9. Click Validate. The rule, with its scope and permission sets, is added to the list of the policy’s rules.

  10. Click Add new rule and repeat steps 6-8 as many times as required to add multiple rules to your policy.

    Tip:

    You can delete «Delete Icon» or edit «Edit Icon» an existing rule by clicking the relevant button in the top right corner of the rule’s summary.

  11. Click Create policy to finish.

    You are returned to the Policies tab, where the newly-created policy now appears in the list.
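
The rules stated above (a policy has no effect until a principal is attached, a policy has one principal at a time, and an application only has permissions through its own policy or a group's) can be checked over an inventory of policies. This is an added example, not Scaleway code: the inventory layout and every name in it, including the permission set names, are constructed assumptions and not the Scaleway API schema.

```python
# Constructed inventory; the layout and every name in it are assumptions for
# illustration, not the Scaleway API schema or real permission set names.
INVENTORY = {
    "groups": {"ops": ["app-ci"]},  # group -> member applications
    "applications": ["app-ci", "app-backup", "app-orphan"],
    "policies": [
        {"name": "ci-deploy", "principal": ("group", "ops"),
         "rules": [{"scope": "projects", "projects": ["proj-web"],
                    "permission_sets": ["ExampleFullAccess"]}]},
        {"name": "backup-read", "principal": ("application", "app-backup"),
         "rules": [{"scope": "projects", "projects": "all_current_and_future",
                    "permission_sets": ["ExampleReadOnly"]},
                   {"scope": "organization",
                    "permission_sets": ["ExampleBillingReadOnly"]}]},
        {"name": "draft", "principal": None, "rules": [
            {"scope": "organization", "permission_sets": ["ExampleIAMManager"]}]},
    ],
}


def effective_grants(inv):
    """Map each application to the (policy, scope, target, permission sets) it holds."""
    grants = {app: [] for app in inv["applications"]}
    for policy in inv["policies"]:
        if policy["principal"] is None:
            continue  # a policy with no principal has no effect
        kind, ident = policy["principal"]  # exactly one principal per policy
        members = inv["groups"].get(ident, []) if kind == "group" else [ident]
        for app in members:
            if app not in grants:
                continue  # principal is a user or an unknown application
            for rule in policy["rules"]:
                target = rule.get("projects", "organization features")
                grants[app].append((policy["name"], rule["scope"], target,
                                    tuple(rule["permission_sets"])))
    return grants


def audit(inv):
    """Return findings for the two 'no effect' states described on this page."""
    findings = [f"policy '{p['name']}' has no principal: no effect"
                for p in inv["policies"] if p["principal"] is None]
    findings += [f"application '{a}' has no policy, directly or via a group: no permissions"
                 for a, g in effective_grants(inv).items() if not g]
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```

`effective_grants` also shows what each application can reach once group membership is resolved, which is the view to review before attaching API keys to an application.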