Cloud Access Management

A secure access management service for Tencent Cloud products and resources


Cloud Access Management (CAM) by Tencent Cloud is a permission and user management system designed for secure and precise product management and access. You can create users and roles in CAM and assign security credentials such as console login passwords and Cloud API keys to them. You can also request temporary security credentials to enable access to Tencent Cloud resources. You can manage permissions to control what actions users and roles can perform and what resources they can access. You do not need to create organizational users' sub-users or collaborators if your organization already has a private network account system, as identity provider (IdP) will provide single sign-on (SSO) for these users and IdP-verified external users can access your Tencent Cloud resources directly.


User Management and Access Permissions

You can create users in CAM and assign them separate security credentials such as Cloud API keys, login passwords and MFA devices. You can also request temporary keys to let users access Tencent Cloud services and resources, and manage permissions and user actions.

Role and Role Permission Management

You can create roles and manage their permissions in CAM to control user and service operations. You can also set the roles that different entities should take.

Federated User and Federated User Permission Management

You can enable the federated identity feature to allow existing identities (users, groups and roles) in your organization to access the CAM console, call APIs and access resources without having to create users for each identity. Tencent Cloud supports SAML 2.0-based identity management solutions.


Access Permissions Management

You can authorize access to root account resources without sharing identity credentials.


Refined Access Control for Resources

You can customize access permissions for your Tencent Cloud services and resources through CAM. You can create users or roles in CAM and assign them separate security credentials (console login passwords, Cloud API keys, etc.) or request temporary security credentials for them to access Tencent Cloud resources. You can manage the permissions to control what actions users and roles can perform and what resources they can access.

Single Sign-on to Tencent Cloud

You can use your existing authentication system through CAM to grant your employees and services the access permissions for Tencent Cloud services and resources. Tencent Cloud supports federated authentication based on SAML 2.0 (Security Assertion Markup Language 2.0) to achieve interoperability with your organizational account systems on a private network. For more information, see SAML 2.0-based Federated Authentication.

Multi-factor Authentication for Improved Account Security

Multi-factor authentication is a practice that adds an additional layer of protection on top of your username and password. Currently, two authentication methods are supported: hardware/virtual MFA device code and mobile verification code. Depending on the configuration, a user may be required to enter a valid authentication code to verify their identity and device environment before logging in or performing sensitive operations.


CAM is free of charge.