Identity Access Management API reference for Bridge
Published On Nov 26, 2025 - 12:51 PM

Learn about Identity Access Management (IAM), its key functionalities, role-based access control (RBAC), attribute-based access control (ABAC), and integration with Kyndryl Okta Authentication Engine.
Identity Access Management (IAM) provides a centralized authentication and authorization system that enables secure user and system access across cloud services and other connected technologies. IAM enforces access control policies through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) to ensure only authorized users can access specific resources.
IAM integrates with Kyndryl Okta Authentication Engine for external authentication, supporting federated authentication using Kyndryl ID. Users accessing the Kyndryl Bridge UI are redirected to the authentication screen, where Okta generates a JSON Web Token (JWT) to authorize access.
IAM enables organizations to manage out-of-the-box and custom roles, access policies, and identity providers (IdPs) to secure their enterprise environment.
Key functionalities
  • Role-based access control (RBAC): Assigns permissions based on user roles to enforce least privilege access.
  • Attribute-based access control (ABAC): Uses attributes to determine user permissions dynamically.
  • Custom roles and access groups: Enables organizations to define user roles specific to their operational needs.
  • Federated authentication: Uses Kyndryl Okta Authentication Engine for seamless authentication.
  • Multi-tenant IdP support: Supports OpenID Connect 1.0 and SAML 2.0 for multiple identity providers per tenant.
  • Service IDs & API keys: Provides secure authentication for non-human users, allowing controlled API access.
IAM roles and access levels
The following table outlines IAM roles and associated permissions:
Account type     | Role name       | Permissions
-----------------|-----------------|---------------------------------------------------------------------------------
Customer Account | Administrator   | Manage consultation, quotations, subscriptions, service tickets, and user access.
Customer Account | Contributor     | Manage consultation, quotations, subscriptions, and service tickets.
Customer Account | Operator        | Manage consultation, inventory, and service tickets.
Customer Account | Viewer          | View notifications, consultations, quotations, and assessments.
Kyndryl Account  | Account Manager | Manage all customer interactions, including subscriptions and user access.
Service Provider | Administrator   | Manage consultation, quotations, subscriptions, and user access.
Service Provider | Viewer          | View notifications, consultations, and quotations.
Use cases
IAM enables enterprises to:
  • Securely onboard applications: Automatically integrates new applications with Okta-based authentication.
  • Manage service identities: Allows organizations to generate Service IDs and API Keys to interact with applications securely.
  • Control cloud connections: Configure and manage secure connections to cloud providers such as AWS, Azure, and GCP.
  • Enhance access governance: Enforces access control policies through attribute-based and role-based access models.
Prerequisites
To configure IAM, ensure the following:
  1. Administrator privileges: Required to manage IdPs, service identities, and user access.
  2. Identity Provider (IdP) Configuration: Supports SAML 2.0 and OpenID Connect.
  3. Service ID and API Key Management:
    • Assign service IDs to access groups and policies.
    • Generate API keys to authenticate applications securely.
How to configure IAM
To set up IAM authentication and access control:
  1. Add a custom Identity Provider (IdP)
    • Navigate to IAM > Identity Providers.
    • Click Add Identity Provider and select SAML 2.0 or OpenID Connect.
    • Provide a metadata URL or upload an XML file for configuration.
  2. Generate a Service ID
    • Go to IAM > Service IDs.
    • Click Create Service ID and define its attributes.
    • Assign an Access Group or Access Policy to the Service ID.
  3. Create an API Key
    • Navigate to IAM > API Keys.
    • Click Add API Key, assign the relevant Service ID, and store the key securely.
  4. Configure access policies
    • Define role-based or attribute-based policies to restrict access based on job function and user attributes.
For a step-by-step guide, refer to the IAM configuration guide.
API reference
IAM provides APIs for authentication and access control.
1. Generate an access token
Endpoint:
POST <Tenant URL>/api/iam/v4/identity/token
Request payload:
{ "apikey": "your-api-key", "subject": "user-subject-id" }
Response:
{ "token": "jwt-token-valid-for-2-hours" }
2. Retrieve users
Endpoint:
GET <Tenant URL>/api/iam/v4/users
Response:
{ "users": [ { "id": "12345", "name": "John Doe", "role": "Administrator" } ] }
For complete API documentation, refer to the IAM API Guide.
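The two calls above can be combined into a small client that exchanges the API key for a token, reuses the token for its 2-hour lifetime, and renews it shortly before expiry. This is an added example, not Kyndryl's code: the class name, the injectable transport and clock, the 5-minute renewal margin, and sending the token as an Authorization: Bearer header are assumptions that this page does not specify.

```python
import base64, json, time
from urllib import request

TOKEN_PATH = "/api/iam/v4/identity/token"   # endpoint from this page
USERS_PATH = "/api/iam/v4/users"            # endpoint from this page
TOKEN_TTL = 2 * 60 * 60                     # page: token is valid for 2 hours
REFRESH_MARGIN = 300                        # assumption: renew 5 minutes early

def http_json(method, url, body=None, headers=None):
    """Default transport: HTTPS only, so the API key never travels in clear text."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    data = json.dumps(body).encode() if body is not None else None
    req = request.Request(url, data=data, method=method,
                          headers={"Content-Type": "application/json", **(headers or {})})
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def jwt_exp(token):
    """Read the exp claim for refresh scheduling only; the signature is not verified."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)          # restore base64url padding
        return float(json.loads(base64.urlsafe_b64decode(payload))["exp"])
    except (IndexError, KeyError, ValueError, TypeError):
        return None                                    # opaque or malformed token

class BridgeIamClient:                                 # hypothetical name
    def __init__(self, tenant_url, apikey, subject, transport=http_json, clock=time.time):
        self._base, self._apikey, self._subject = tenant_url.rstrip("/"), apikey, subject
        self._send, self._now = transport, clock
        self._token, self._expires = None, 0.0

    def __repr__(self):  # keep the API key and token out of logs and tracebacks
        return f"BridgeIamClient(base={self._base!r}, subject={self._subject!r})"

    def token(self):
        if self._token is None or self._now() >= self._expires - REFRESH_MARGIN:
            resp = self._send("POST", self._base + TOKEN_PATH,
                              {"apikey": self._apikey, "subject": self._subject})
            self._token = resp["token"]
            self._expires = jwt_exp(self._token) or self._now() + TOKEN_TTL
        return self._token

    def users(self):
        # Assumption: the token is presented as a Bearer header; the page does not say.
        resp = self._send("GET", self._base + USERS_PATH,
                          headers={"Authorization": "Bearer " + self.token()})
        return resp["users"]
```

Load the API key from a secrets manager or environment variable at start-up rather than embedding it in source, and pass it to the constructor.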