IAM

Discover the new authorization model that manages out-of-the-box role based access controls, custom roles, access groups, access policies, and attribute based access controls.

What is the benefit of IAM

The main benefit in this new Identity Access Management (IAM) authorization model is to improve the user experience and add value with the new features by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Modern Operations Applications applications.

Brand new consistent and secure way to manage authorization in Kyndryl Modern Operations Applications in one single place.

Simple way to manage the right permission scopes to the right resources.

Intuitively assign permissions to the right group of users, and assign the right users to the right groups with the new Access Groups.

Implement an effective and consistent Attribute-based access control (ABAC) strategy across Kyndryl Modern Operations Applications.

Flexibility to group permissions for the specific needs of the organization by enabling the brand new Custom Roles.

Find familiarity with industry standard terminology and authorization models to easily comprehend and work with Kyndryl Modern Operations Applications.

Create a consistent Attribute-based access control (ABAC) and Role-based access control (RBAC) configurations across Administration, the subscriptions, and Common Services that is intuitive and simple to adopt.

Support the capability to manage ABAC for resources in the different cloud providers or any other technologies connected to the platform, making it easy to group resources in a secure manner.

Access Management concept comparison

The following table shows a comparison of the terminology used by each of the most common cloud providers in the industry. See how Kyndryl has integrated industry standards and adopted proven and widely used access management concepts.

Kyndryl Modern Operations Applications new authorization model	Concept description	IBM Cloud	Amazon Web Services	Azure	Google Cloud Platform	Kyndryl Modern Operations Applications Core legacy User Access
Users, Access Groups, Service IDs	Subjects added to the platform	Identities	Users, groups, and roles	User, group, service principal, managed identity	User accounts and service accounts. Supported identity types: Google Account, Service account, Google group, G Suite domain, Cloud Identity domain	Users, Organizations, Teams, Roles
Service IDs	ID for a service or application	Service IDs	Roles assigned to an app	User-assigned identity	Service accounts	N/A
API key	Credential used for a user or service ID	API key	Access Key	api-key	API key	User API key
Access Groups	Way to organize users and service IDs where all members of the group are assigned the same access	Access groups	Groups, roles	Active Directory groups	Google Groups	Team
Policy	Access assignment made up of a subject, target, and role	Policy	Policy	Role assignment	Policy	N/A
User ID, Access Group ID, Service ID	A user, service ID, or access group	Policy subject	An IAM user, group, or a role	Security principal	A resource	N/A
Roles	Collection of actions for a specific resource that are used as a building block to make an access policy	Roles	AWS-managed policy	Role definition	Predefined roles	Role
Custom Roles	Customer-defined and named role, including only the actions chosen by the user	Custom roles	Customer-managed policies	Custom roles	Custom roles	Custom roles
Permissions	What is allowed to be completed within the context of the platform or service	Actions	Actions	Permissions	Permissions	N/A
Resources	Target of an access policy	Resources	Resources	Resources	Resources	N/A
Resource Groups	Logical organization container for IAM-enabled services	Resource groups	Tags	Resource groups	Projects	N/A
Administration Audit Service	Audit with Activity Tracker	Auditing	Audit with AWS CloudTrail	Azure Logging and Auditing Activity logs	Audit with Audit logging	N/A