Platform Settings

Configure platform settings

Understanding IAM
Published On Oct 17, 2025 - 6:42 AM

Understanding IAM

Master IAM to unify and streamline access management with role-based controls, custom roles, and access policies for Kyndryl Bridge services.
The main benefit of Kyndryl Bridge Identity Access Management (IAM) authorization model is to improve the user experience and add value by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Bridge Common Services, and to make it available to be consumed by other digital solutions:
  • Manage authorization for Kyndryl Bridge Common Services consistently and securely in one single place.
  • Manage authorization for all digital solutions using the Kyndryl Bridge authorization model in a consistent and secure manner.
  • Simplify the management of permission scopes for the right resources.
  • Assign permissions intuitively to the correct user groups and assign users to groups effectively with access groups.
  • Implement a consistent and effective Attribute-based access control (ABAC) strategy across Kyndryl Bridge Common Services and your organization’s access needs.
  • Enable the grouping of permissions according to organizational needs by creating Custom Roles.
  • Find familiarity with industry standard terminology and authorization models to easily comprehend and work with Kyndryl Bridge Common Services.
  • Create consistent ABAC and Role-based access control (RBAC) configurations across the board that is intuitive and simple to adopt.
  • Support the capability to manage ABAC for resources in the different cloud providers or any other technologies connected to the platform, making it easy to group resources in a secure manner.

Understanding IAM concepts

Identity Access Management (IAM) manages out-of-the-box role-based access controls, custom roles, access groups, access policies, and attribute-based access controls. This authorization model improves the user experience by increasingly converging all authorization and access management in one single place to better govern the capabilities of all Kyndryl Bridge services and applications.
  • Users: The IAM page allows you to manage and regulate user access, so you can control the type of roles and permissions that your collaborators have in your applications. The benefit of the Users page is that you can quickly see the details of the users added to make sure your users are onboarded into your Kyndryl Bridge Services and Applications.
  • Access Groups: To simplify the permission administration for a many users, the administrator organizes the access and create a collection of different access groups. An Access Group is a group for organizing Users, Service IDs, or a combination of both into a single entity that facilitates assigning Access Policies to multiple subjects at a time.  An Access Policy grants one or multiple roles to all or a set of resources so that specific actions and permissions can be taken within the scope of the specified target resources. Basically, an Access Policy is the way in which an Access Group gets permission to perform actions within the platform. 
  • Custom Role: Adding roles can help you define a set of actions and permission that a user can perform in the applications. Alternatively, these actions may often vary from your own permission needs; Kyndryl Bridge Services and Applications allow you to create custom roles combining different actions. Service ID: A Service ID identifies a non-human user such as a system service or subscription. Since the Service ID is not tied to a specific user, if a user is removed from the system, the rest of the team can continue using the subscription or service. 
  • API Key: API keys are normally used to track and control connections and performance of how the system interface is being used; thus, it provides authentication in the calling of a program to another API to confirm a project is authorized for connection. API keys are an initial step in cloud API security by providing the connecting API with a password-like code with a defined set of access rights.
  • Access Tags: The Tag Schema is a Kyndryl Bridge Service that allows you to set policies governing the use of tags. The Tag Schema Common Service is a feature that allows you to set policies governing the use of tags in the Kyndryl Bridge Applications to help you organize your reports and monitor and enforce compliance. You can also use your own tools/other services or the provider’s native portal for tag management while still being able to track against a central tag schema to ensure compliance.
Do you have two minutes for a quick survey?
Take Survey