Using SORACOM Access Management to Manage Operation Access
With SAM (SORACOM Access Management), you can manage operation access to SORACOM's console and API. Use the User Console to do the following:
- Create a SAM User and set the authentication.
- Set the access level.
- Log into the User Console as the SAM User.
Creating a SAM User and Setting the Authentication
Creating a SAM User
To create a SAM User, use the User Console's Security tab.
Go to https://console.soracom.io/#/security/users?coverage_type=g and, on the [User] menu, click the [Create User] button.
If there will be multiple administrators, set up a shared email address, such as a mailing list address, beforehand.
When the dialog box below appears, enter your name and other details. The name (SAM User name) you enter here will be used for the console login.
This creates a SAM User.
Setting the SAM User's Authentication
Next, set the SAM User's authentication information. From the list, select the SAM User that you just created.
On this screen, you can adjust the SAM User settings. Select the [Authentication Settings] tab.
The "Authentication Key" is the authentication information assigned to the SAM User and is used when the API is called. The Console Login Password is the password used to log into the User Console.
Neither setting is configured initially. If the SAM User is to use the API, set the Authentication Key. If the Console login is to be used, also set the Console Login Password.
Setting the Console Login Password
Since the SAM User will log into the Console, set the Console Login Password.
To set the Console Login Password, click the [Set Password] button.
Enter the password to set it.
The set password can now be used to log into the Console.
Setting the Authentication Key
If the SAM User is to use the API, set the Authentication Key.
To set the Authentication Key, click the [Create Authentication Key] button.
Clicking the button will create an "Authentication KeyID" and "Authentication Key Secret". By using both to call the authentication API, you can use the SORACOM API as a SAM User.
You can now use the created key for API authentication. Note that this Authentication Key will not be reissued, so be sure to keep it in a safe place.
Setting SAM User's Access Level
Setting the Access Level
Next, set the Access Level so this SAM User can access SORACOM.
On the SAM User setting screen, select [Set Access Level].
There are two Access Levels. One is called "Direct designation (Inline access)" and the other is "Role."
Direct designation enables the SAM User's access level to be set directly. With Role, a role preset with an Access Level can be linked to a SAM User to set the Access Level.
Here, you will set the access level directly.
The access level is set by writing the "Permission syntax" in JSON format. For example, to create a user authorized only to display the SIM list, use the syntax below.
This method lets you set the SAM User's Access Level flexibly.
For details on using the permission syntax, see #permission syntax details. Also, for setting the Access Level using Role, see #Setting access using Role.
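As an added example (not from the original page and not SORACOM's own code), the Python check below reviews a permission document before it is pasted into the console and flags wildcard or unexpected allow grants. The field names `statements`, `effect` and `api`, the API name `Subscriber:listSubscribers` and the wildcard forms are assumptions about the permission syntax to confirm against the permission syntax details; `review_permission` and the sample documents are hypothetical.

```python
import json

# Constructed sample documents. The field names and API name are assumed
# from SORACOM's permission syntax; verify them against the reference.
SIM_LIST_ONLY = """
{"statements": [{"effect": "allow", "api": ["Subscriber:listSubscribers"]}]}
"""
TOO_BROAD = """
{"statements": [{"effect": "allow", "api": "*"},
                {"effect": "allow", "api": ["Subscriber:*"]}]}
"""


def review_permission(doc_text, expected_apis):
    """Return a list of findings. An empty list means every allow statement
    names only APIs in expected_apis and uses no wildcard."""
    doc = json.loads(doc_text)
    statements = doc.get("statements")
    if not isinstance(statements, list) or not statements:
        return ["no statements: document is empty or malformed"]
    findings = []
    for i, st in enumerate(statements):
        effect = st.get("effect")
        if effect not in ("allow", "deny"):
            findings.append(f"statement {i}: unknown effect {effect!r}")
            continue
        if effect == "deny":
            continue  # a deny statement never widens access
        apis = st.get("api", [])
        if isinstance(apis, str):  # assumed: a single API may be a string
            apis = [apis]
        for api in apis:
            if "*" in api:
                findings.append(f"statement {i}: wildcard grant {api!r}")
            elif api not in expected_apis:
                findings.append(f"statement {i}: unexpected grant {api!r}")
    return findings


if __name__ == "__main__":
    allowed = {"Subscriber:listSubscribers"}
    for name, text in (("SIM_LIST_ONLY", SIM_LIST_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, review_permission(text, allowed) or "OK")
```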
Console Login by a SAM User
With the procedure above, a SAM User who can log into the console has been created. You can log into the User Console on the login screen.
On the login screen, click on [Login as SAM User].
To log in, the following is required: Operator ID, SAM Username, and Console Login Password.
For the SAM Username and Console Login Password, use the ones created above.
The Operator ID starts with "OP". It is assigned to each operator.
If you do not know the Operator ID, log in as an operator, then check the ID in the menu at the upper right.