Identity and Access Management (IAM)
Connect the corporate directory of your choice (ADFS, Azure AD, Google Workspace, Okta...) to your OVHcloud Control Panel for hassle free management of multiple accounts and benefit from seamless authentication for your users.
Unified and harmonized across OVHcloud portfolio including 3rd party software
OVHcloud IAM offers seamless privilege management of your users, groups and applications across the entire product portfolio including VMware on OVHcloud and Openstack.
Fine grained policy management
Foster collaboration securely. Fine tune access privileges based on multiple conditions like role and responsibilities, type of resources...
IAM is available through OVH API so that you can harness the power of automation and boost productivity. By automating the different aspects of managing authentication, identities, and policies, you improve the productivity of your teams and foster collaboration securely. And with the multi-tenant feature, you can easily delegate access to your trusted partners while keeping granular access control.
Included at no extra cost
The IAM feature is included in your OVHcloud account at no extra cost.
How it works
With OVHcloud IAM, easily determine who can access which of your OVHcloud resources and for which purpose.
OVHcloud's access management is based on a policy management system with a zero-trust model. It's possible to write different policies that give your users access to specific features associated to the products linked to your OVHcloud account.
Policies contain a list of identities (accounts, users, user groups) concerned by the policies; a list of resources where the policies should apply, and a list of actions that are allowed to be performed on them.
Use the identity provider of your choice as the single source of trust for your users and allow them to use their regular account to access OVHcloud products. By leveraging SAMLv2 federation protocol you can smoothly connect the Identity Provider of your choice like ADFS, Azure AD, Google Workspace, Okta...
Separate access between your production resources and your test-bed environment.
Enforce stringent policies to keep control of your production environment and ensure the highest grade of security and continuity of your services while allowing more users to access your test-bed environment.
Prevent unwanted actions
Reduce the risk associated to identity theft or rightful administrator error as a result of restricting access to sensitive actions to a limited set of people.
Get Started with Identity Access Management
Enabling SSO connections with your OVHcloud account
Use single sign-on (SSO) to connect to your OVHcloud account. To enable these connections, your account and Identity Provider (IdP) have to be configured using Security Assertion Markup Language (SAMLv2) authentication.
Enabling Google Workspace SSO connections with your OVHcloud account
Learn how to associate your Google Workspace service with your OVHcloud account via SAML 2.0
How to use IAM policies using the OVHcloud API
Learn how to provide specific access rights to users of an OVHcloud account by creating a new policy.
Why would I need OVHcloud IAM?
You don't want all your users or applications accessing all your cloud resources.
You need to secure access to your OVHcloud resources and apply granular permissions for users within your organization by granting access to certain resources.
OVHcloud IAM helps you to centrally manage the aspects of identity management, identity federation and access management to easily enforce access policy and as a result improve access security and enhance the team productivity.
What is Identity Federation?
Identity Federation enables Single Sign-On (SSO) through OVHcloud products, and lets you use the Identity Provider (IdP) of your choice (ADFS, Azure AD, Google Workspace, Okta...) to log into the OVHcloud Control Panel using the SAMLv2 federation protocol.
What do I have to do to start using IAM on my OVHcloud products and services?
IAM is currently in beta phase and you can try it out by registering here.
What is the protocol used for OVHcloud Identity Federation?
Identity federation supports the SAMLv2 protocol.
Is OVHcloud IAM a paid service?
No, OVHcloud IAM is included in your products at no extra cost and for all customers.
Does activating IAM change the way I access my existing products and resources?
No, the existing way of accessing your products and services will be the same unless you change them using the policies.