Authenticating in Nebius AI
When a user does something with a resource in Nebius AI, IAM checks whether the user has the necessary access rights to perform this operation.
Authenticated users and service accounts get permissions according to their roles, i.e. groups they are added to. For more details, see Groups and roles in Nebius AI organizations.
Authentication in Nebius AI
Before authorization, a user must get authenticated, meaning they must log in under their account. Authentication is performed in different ways depending on the type of account and the interface used:
Authentication using a Nebius AI account
Authentication is carried out automatically when you log in to your Google account.
To perform operations in the CLI, authenticate following the instructions. After this, authentication will work automatically.
Service account authentication
To perform operations in the CLI, authenticate following the instructions. After this, authentication will work automatically.
Federated user authentication
To log in to the management console, federated users must follow the link with the federation ID:
https://console.nebius.ai/federations/<federation_ID>
The authentication process for a federated user depends on the IdP server settings. For more information, see SAML-compatible identity federations.
To perform operations in the CLI, authenticate following the instructions.
On successful authentication, the IAM token is saved in the profile. This token is used to authenticate each operation until the token expires. After that, the CLI again displays a prompt to authenticate in the browser.