Getting Started with Identity Management

Kion provisions cloud identities and maintains the associated permissions, giving you a central point of management for every piece of your cloud identity posture. Using the Kion OU/project structure, you manage identity from the top down, which lets you focus on the important risks that may exist within your accounts, no matter how complex your cloud estate is.

It is considered best practice to provide users with only enough access to perform their job. This is called the principle of least privilege, and it is widely accepted as an important practice for data security and continuity of operations. For more information, see Principle of Least Privilege.

Cloud Rules

Cloud rules are how Kion manages IAM policies on accounts. Cloud rules are collections of cloud-specific resources, including AWS IAM policies, AWS service control policies, Azure role definitions, Azure policy definitions, and Google Cloud IAM roles.

For more information, see What is a Cloud Rule?

Cloud Access Roles

Cloud access roles are used to log in to cloud accounts directly from Kion. They represent an IAM role or role definition that has access to the cloud account. That role has a trust policy that allows Kion to provide the user with access to the console. IAM policies, permissions boundaries, and role definitions can be attached directly to the cloud access role from Kion when it is created.

When a user federates into a cloud account from a Kion project, they select a cloud access role that is assigned to them in Kion. A single user may have multiple cloud access roles with different permissions available when accessing an account.

For more information, see What is a Cloud Access Role?

Admin Audit

Admin audit is the first step towards Cloud Infrastructure Entitlement Management (CIEM) with Kion. When enabled, admin audit provides a detailed daily report of principals with privileged access on the accounts within your projects and OUs. Admin audit exposes over-privileged principals, or 'accidental admins', across your cloud accounts so you can proactively right-size permissions.

For more information, see Admin Audit Overview.
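As an added illustration of the kind of decision an admin audit has to make (example code written for this page, not Kion's implementation), the check below evaluates AWS IAM policy documents and flags principals whose Allow statements grant admin-equivalent access on Resource "*", including the 'accidental admin' case where a wildcard such as iam:* sits alongside otherwise read-only permissions. The probe actions, sample policies and principal names are constructed assumptions.

```python
from fnmatch import fnmatch

# Probe actions: an Allow covering any of these on Resource "*" lets a principal rewrite
# its own permissions, so it is admin-equivalent. Assumption: a small probe set is enough
# to illustrate the audit; a real audit would use a fuller list.
PROBES = ("iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:CreatePolicyVersion")

# Constructed sample policies (not Kion output).
FULL_ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
ACCIDENTAL_ADMIN = {"Statement": [  # read-only intent, but the iam:* wildcard is admin
    {"Effect": "Allow", "Action": ["s3:Get*", "iam:*"], "Resource": "*"}]}
READ_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "arn:aws:s3:::team-bucket/*"}]}

def _as_list(value):
    """Action/Resource may be a string or a list in IAM JSON; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def _covers(patterns, action):
    """IAM matches actions case-insensitively with * and ? wildcards."""
    return any(fnmatch(action.lower(), p.lower()) for p in patterns)

def admin_findings(policy):
    """Return reasons (one per offending statement) why a policy is admin-level."""
    statements = _as_list(policy.get("Statement"))
    # An explicit Deny on Resource "*" overrides any Allow, so collect those first.
    denied = set()
    for stmt in statements:
        if stmt.get("Effect") == "Deny" and "*" in _as_list(stmt.get("Resource")):
            denied.update(p for p in PROBES if _covers(_as_list(stmt.get("Action")), p))
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grant, review manually")
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue  # resource-scoped grants are outside this simple check
        actions = _as_list(stmt.get("Action"))
        live = [p for p in PROBES if p not in denied and _covers(actions, p)]
        if live:
            what = "Action '*' (full admin)" if "*" in actions else f"covers {live[0]}"
            findings.append(f"statement {i}: {what} on Resource '*'")
    return findings

def audit(principals):
    """Map principal name -> list of policies to findings, keeping only over-privileged ones."""
    return {name: f for name, policies in principals.items()
            if (f := [x for pol in policies for x in admin_findings(pol)])}
```

Running `audit({"ci-deployer": [FULL_ADMIN], "analyst": [ACCIDENTAL_ADMIN], "reader": [READ_ONLY]})` reports the first two principals and leaves the scoped read-only principal out.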