Identity and Access Management

The service allows to create and manage user identities and control access to virtual machines and other cloud resources.

Google accounts

Users don’t need to create additional accounts: to access your Nebius resources, they can use any of their or gaccounts.

Two-factor authentication

In Nebius, you can also set up two-factor authentication via Google account. Access is granted via the Google Authenticator mobile app.

Identity federation

A federated user will get access to resources using an external corporate username. Authentication and authorization are done via SAML v2.0.

Service accounts

Create service accounts for your processes and they can connect to your cloud resources as users through the service API.

Flexible role system

Roles can be assigned at the level of an organization, cloud, folder, service account, user or other resources.

Inviting users

You can add users with a Google account as well as federated users. To do this, you need to be the organization administrator or owner.

Intuitive cloud console for a smooth user experience

To use the service, add a user to Nebius and configure access bindings.

Full screen image

Questions and answers about IAM

What is Identity and Access Management used for?

The service controls access to resources and lets you configure access rights. You can:

  • Add and delete new cloud users.
  • Manage access rights to resources by assigning and revoking roles.
  • Create service accounts: special accounts to manage Nebius resources via the API.
  • Get an IAM token that is required for authorization via the API.