Cloud Access Management
A secure access management service for Tencent Cloud products and resources
Overview

Cloud Access Management (CAM) by Tencent Cloud is a permission and user management system designed for secure and precise product management and access. You can create users and roles in CAM and assign security credentials such as console login passwords and Cloud API keys to them. You can also request temporary security credentials to enable access to Tencent Cloud resources. You can manage permissions to control what actions users and roles can perform and what resources they can access. If your organization already has an account system on its private network, you do not need to create sub-users or collaborators for your organizational users: an identity provider (IdP) provides single sign-on (SSO) for these users, and external users verified by the IdP can access your Tencent Cloud resources directly.

Benefits
User Management and Access Permissions

You can create users in CAM and assign them separate security credentials such as Cloud API keys, login passwords and MFA devices. You can also request temporary keys to let users access Tencent Cloud services and resources, and manage permissions and user actions.

Role and Role Permission Management

You can create roles and manage their permissions in CAM to control user and service operations. You can also set the roles that different entities should take.

Federated User and Federated User Permission Management

You can enable the federated identity feature to allow existing identities (users, groups and roles) in your organization to access the CAM console, call APIs and access resources without having to create users for each identity. Tencent Cloud supports SAML 2.0-based identity management solutions.

Features
Access Permissions Management

You can authorize access to root account resources without sharing identity credentials.

Customized Permissions

You can grant individualized permissions to different people for targeted resources. For example, you can grant certain sub-accounts COS bucket read permission while granting other sub-accounts and root accounts COS bucket write permission.

Multi-factor Authentication

Multi-factor authentication improves account security. With multi-factor authentication, when attempting to log in or conduct sensitive operations, you need to enter the account password or access key and a code from a specifically configured device.

Federated Identity

CAM allows users who have already obtained a password from a third-party authentication system (for example, in your organization network or through an Internet identity provider) to gain temporary access to your Tencent Cloud account.

PCI DSS Compliance

Verified to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS), CAM supports the processing, storage and transmission of credit card data by merchants or service providers.

Compatible with Most Tencent Cloud Products

For a complete list of CAM-compatible Tencent Cloud products, see CAM-compatible Products.

Scenarios

You can customize access permissions for your Tencent Cloud services and resources through CAM. You can create users or roles in CAM and assign them separate security credentials (console login passwords, Cloud API keys, etc.) or request temporary security credentials for them to access Tencent Cloud resources. You can manage the permissions to control what actions users and roles can perform and what resources they can access.

You can use your existing authentication system through CAM to grant your employees and services the access permissions for Tencent Cloud services and resources. Tencent Cloud supports federated authentication based on SAML 2.0 (Security Assertion Markup Language 2.0) to achieve interoperability with your organizational account systems on a private network. For more information, see SAML 2.0-based Federated Authentication.

Multi-factor authentication is a practice that adds an additional layer of protection on top of your username and password. Currently, two authentication methods are supported: hardware/virtual MFA device code and mobile verification code. Depending on the configuration, a user may be required to enter a valid authentication code to verify their identity and device environment before logging in or performing sensitive operations.

Pricing

CAM is free of charge.