Identity Access Management API reference for Bridge
5 min
learn about , its key functionalities, role based access control (rbac), attribute based access control (abac), and integration with kyndryl okta authentication engine provides a centralized authentication and authorization system that enables secure user and system access across cloud services and other connected technologies enforces access control policies through role based access control (rbac) and attribute based access control (abac) to ensure only authorized users can access specific resources integrates with kyndryl okta authentication engine for external authentication, supporting federated authentication using kyndryl id users accessing the kyndryl bridge ui are redirected to the authentication screen, where okta generates a json web token (jwt) to authorize access enables organizations to manage out of the box and custom roles, access policies, and identity providers (idps) to secure their enterprise environment key functionalities role based access control (rbac) assigns permissions based on user roles to enforce least privilege access attribute based access control (abac) uses attributes to determine user permissions dynamically custom roles and access groups enable organizations to define user roles specific to their operational needs federated authentication uses kyndryl okta authentication engine for seamless authentication multi tenant idp support supports openid connect 1 0 and saml 2 0 for multiple identity providers per tenant service ids & api keys provides secure authentication for non human users, allowing controlled api access bridge access management roles and access levels the following table outlines roles and associated permissions \<font color="#f3f4f6">account type\</font> \<font color="#f3f4f6">role name\</font> \<font color="#f3f4f6">permissions\</font> customer account administrator manage consultation, quotations, subscriptions, service tickets, and user access customer account contributor manage consultation, quotations, subscriptions, and service tickets customer account operator manage consultation, inventory, and service tickets customer account viewer view notifications, consultations, quotations, and assessments kyndryl account account manager manage all customer interactions, including subscriptions and user access service provider administrator manage consultation, quotations, subscriptions, and user access service provider viewer view notifications, consultations, and quotations use cases enables enterprises to securely onboard applications automatically integrates new applications with okta based authentication manage service identities allows organizations to generate service ids and api keys to interact with applications securely control cloud connections configure and manage secure connections to cloud providers such as aws, azure, and gcp enhance access governance enforces access control policies through attribute based and role based access models prerequisites to configure , ensure the following administrator privileges required to manage idps, service identities, and user access identity provider (idp) configuration supports saml 2 0 and openid connect service id and api key management assign service ids to access groups and policies generate api keys to authenticate applications securely how to configure bridge access management to set up authentication and access control add a custom identity provider (idp) navigate to iam > identity providers click add identity provider and select saml 2 0 or openid connect provide metadata url or upload an xml file for configuration generate a service id go to iam > service ids click create service id and define its attributes assign an access group or access policy to the service id create an api key navigate to iam > api keys click add api key , assign the relevant service id, and store the key securely configure access policies define role based or attribute based policies to restrict access based on job function and user attributes for a step by step guide, refer to the overview docid 87atpfcv5akzumcgnlkwd api reference provides apis for authentication and access control generate an access token endpoint post \<tenant url>/api/iam/v4/identity/token request payload { "apikey" "your api key", "subject" "user subject id" } response { "token" "jwt token valid for 2 hours" } retrieve users endpoint get \<tenant url>/api/iam/v4/users response { "users" \[ { "id" "12345", "name" "john doe", "role" "administrator" } ] }