Kyndryl Bridge

Experience Kyndryl Bridge

Understanding IAM
Published On Jul 18, 2024 - 12:58 PM

Understanding IAM

IAM authorization model manages out-of-the-box role-based access controls, custom roles, access groups, access policies, and attribute-based access controls.
The main benefit of Kyndryl Bridge Identity Access Management (IAM) authorization model is to improve the user experience and add value by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Bridge Common Services, and to make it available to be consumed by other digital solutions:
  • Consistent and secure way to manage authorization for Kyndryl Bridge Common Services in one single place.
  • Consistent and secure way to manage authorization for all other digital solutions that want to use Bridge authorization model.
  • Simple way to manage the right permission scopes to the right resources.
  • Intuitively assign permissions to the right group of users and assign the right users to the right groups with the new Access Groups.
  • Implement an effective and consistent Attribute-based access control (ABAC) strategy across Kyndryl Bridge Common Services and your organization’s access needs.
  • Flexibility to group permissions for the specific needs of the organization by enabling Custom Roles.
  • Find familiarity with industry standard terminology and authorization models to easily comprehend and work with Kyndryl Bridge Common Services.
  • Create a consistent Attribute-based access control (ABAC) and Role-based access control (RBAC) configurations across the board that is intuitive and simple to adopt.
  • Support the capability to manage ABAC for resources in the different cloud providers or any other technologies connected to the platform, making it easy to group resources in a secure manner.

Understanding IAM concepts

Identity Access Management (IAM) manages out-of-the-box role-based access controls, custom roles, access groups, access policies, and attribute-based access controls. This authorization model improves the user experience by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Bridge services and applications.
  • Users: The IAM page allows you to manage and regulate user access, so you can control the type of roles and permissions that your collaborators have in your applications. The benefit of the Users page is that you can quickly see the details of the users added to make sure your users are onboarded into your Kyndryl Bridge Services and Applications.
  • Access Groups: To simplify the permission administration for a many users, the administrator organizes the access and create a collection of different access groups. An Access Group is a group for organizing Users, Service IDs, or a combination of both into a single entity that facilitates assigning Access Policies to multiple subjects at a time.  An Access Policy grants one or multiple roles to all or a set of resources so that specific actions and permissions can be taken within the scope of the specified target resources. Basically, an Access Policy is the way in which an Access Group gets permission to perform actions within the platform. 
  • Custom Role: Adding roles can help you define a set of actions and permission that a user can perform in the applications. Alternatively, these actions may often vary from your own permission needs; Kyndryl Bridge Services and Applications allow you to create custom roles combining different actions. Service ID: A Service ID identifies a non-human user such as a system service or subscription. Since the Service ID is not tied to a specific user, if a user is removed from the system, the rest of the team can continue using the subscription or service. 
  • API Key: API keys are normally used to track and control connections and performance of how the system interface is being used; thus, it provides authentication in the calling of a program to another API to confirm a project is authorized for connection. API keys are an initial step in cloud API security by providing the connecting API with a password-like code with a defined set of access rights.
  • Access Tags: The Tag Schema is a Kyndryl Bridge Service that allows you to set policies governing the use of tags. The Tag Schema Common Service is a feature that allows you to set policies governing the use of tags in the Kyndryl Bridge Applications to help you organize your reports and monitor and enforce compliance. You can also use your own tools/other services or the provider’s native portal for tag management while still being able to track against a central tag schema to ensure compliance.
Do you have two minutes for a quick survey?
Take Survey