Adding IAM User Accounts

IAM accounts allow you to retrieve vaulted access key secrets. Each IAM account has up to two related access keys:

  • Each access key contains an ID and a secret. The secret is vaulted by Delinea PAS.
  • Each vaulted secret has permissions and policies set for it.

Once you add an IAM user, you can view or edit the permissions, settings, access keys, policy, workflow, activity, and policy summary for the IAM account.

To add an IAM account

  1. In the Admin Portal, navigate to Resources > CloudProviders and you will see a list of cloud providers. Select the cloud provider you wish to modify.

  2. Click the IAM Users tab and click Add.

  3. Enter a UserName. The user name must be the actual IAM user name.

  4. For AccessKey, click Add.

Enter the Access Key ID and Secret Access Key from your provider and click OK.

You can easily navigate to the AWS IAM users page by clicking Open AWS Console to IAM Users page in the top-right corner of the page.
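A pre-flight check for steps 3 and 4, as an added example that is not part of the Delinea documentation: it compares the user name and access key ID you are about to enter with the output of `aws iam list-access-keys --user-name <name>`, without ever touching the secret. The sample listing, the user name `svc-backup` and the function name `preflight` are constructed for this example.

```python
import json

# Constructed sample: output of `aws iam list-access-keys --user-name svc-backup`.
# The user name and key IDs are made up for this example.
SAMPLE_LISTING = """
{"AccessKeyMetadata": [
  {"UserName": "svc-backup", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
   "Status": "Active", "CreateDate": "2023-01-10T09:00:00+00:00"},
  {"UserName": "svc-backup", "AccessKeyId": "AKIAI44QH8DHBEXAMPLE",
   "Status": "Inactive", "CreateDate": "2022-03-02T14:30:00+00:00"}
]}
"""

MAX_KEYS_PER_USER = 2  # AWS allows at most two access keys per IAM user


def preflight(listing_json, user_name, access_key_id):
    """Return a list of problems; an empty list means the entry is consistent."""
    keys = json.loads(listing_json).get("AccessKeyMetadata", [])
    if not keys:
        return [f"no access keys listed for {user_name!r}"]
    problems = []
    # The user name typed into the Admin Portal must match the IAM user exactly.
    owners = {k["UserName"] for k in keys}
    if owners != {user_name}:
        problems.append(f"listing is for {sorted(owners)}, not {user_name!r}")
    # More than two entries means the input is not one user's key listing.
    if len(keys) > MAX_KEYS_PER_USER:
        problems.append("more than two keys listed; not a single user's listing")
    # The access key ID must be one of the keys AWS reports for this user.
    match = [k for k in keys if k["AccessKeyId"] == access_key_id]
    if not match:
        problems.append(f"{access_key_id} is not a key of the listed user")
    elif match[0]["Status"] != "Active":
        problems.append(f"{access_key_id} is {match[0]['Status']} in AWS")
    return problems


if __name__ == "__main__":
    for key_id in ("AKIAIOSFODNN7EXAMPLE", "AKIAI44QH8DHBEXAMPLE"):
        issues = preflight(SAMPLE_LISTING, "svc-backup", key_id)
        print(key_id, "OK" if not issues else issues)
```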

Once added, you can drill deeper into an IAM user account by clicking the account. Here, you can set the following for the IAM account:

Managing permissions on your IAM account:

Allows you to add permissions to your IAM account (Grant, View, Edit, Delete, Retrieve, Starts, Expires, and Inherited From). The permission Retrieve allows you to retrieve the secret for an Access Key for the IAM user (more information on retrieving an access key below). For more information on permissions, see Assigning Permissions.

Managing settings on your IAM account:

Here you can view or modify account settings.

Managing access keys for your IAM account:

Allows you to add and retrieve access keys for your IAM account as detailed below:

Retrieving Access Keys

  1. In the Admin Portal, navigate to Resources > CloudProviders and you will see a list of cloud providers. Select the cloud provider you wish to modify.

  2. Click IAM Users and select the user you wish to retrieve an access key for.

  3. From the left-hand navigation, select Access Keys, right-click on the access key ID and click Retrieve:

    As an added measure of security, after a short time, Show Secret reverts to hiding the secret, and the secret is only shown again when you click Show Secret.

  4. Next, you will get an MFA challenge. Enter the password and click Next:

  5. Finally, the access key is displayed with the ability to hide and copy the secret:

Deleting Access Keys

  1. In the Admin Portal, navigate to Resources > CloudProviders and you will see a list of cloud providers. Select the cloud provider you wish to modify.
  2. Click IAM Users and select the user whose access key you wish to delete.
  3. Select Access Keys, right-click on the access key ID and click Delete.

Managing policy on your IAM account:

Allows you to add policy to your IAM account. For more information on managing policy, see Creating Authentication Rules.

Managing workflow for your IAM account:

Use this to enable workflow for the IAM account. For more information on workflow, see Enabling Request and Approval Workflow.

Managing activity for your IAM account:

Use this to view IAM account activity. The following are activity updates specific to IAM accounts:

  • Retrieving an access key.
  • Adding an access key.
  • Updating the IAM account.

Viewing policy summary for your IAM account:

Use this to view the summation of all policies applied and the name of the policy set applying the policy.