SORACOM Developers


Using SORACOM Access Management to Manage Operation Access

With SAM (SORACOM Access Management), you can manage operation access to SORACOM's console and API. Use the User Console to do the following:

Creating a SAM User and Setting the Authentication

Creating a SAM User

To create a SAM User, use the User Console's Security tab.
Go to on the [User] menu, click on the [Create User] button.


If there will be multiple administrators, use a joint email address by having a mailing list address, etc., beforehand.

When the dialog box below appears, enter your name and other details. The name (SAM User name) you enter here will be used for the console login.


This creates a SAM User.

Setting the SAM User's Authentication

Next, set the SAM User's authentication information. From the list, select the SAM User that you just created.


On this screen, you can adjust the SAM User settings. On the screen, select the [Authentication Settings] tab.。


The "Authentication Key" is the authentication information assigned to the SAM User that is used when the API is called. And the Console Login Password is the password to log into the User Console.

Both settings are not yet set initially. Therefore, if the SAM User is to use the API, set the Authentication Key. If the Console login is to be used, also set the Console Login Password.

Setting the Console Login Password

Since the SAM User will log into the Console, set the Console Login Password.

To set the Console Login Password, click the [Set Password] button.

Create Authentication Key

Enter the password to set it.

Setting the Console Login Password

The set password can now be used to log into the Console.

Setting the Authentication Key

If the SAM User is to use the API, set the Authentication Key.

To set the Authentication Key, click the [Create Authentication Key] button.

Create Authentication Key

Clicking the button will create an "Authentication KeyID" and "Authentication Key Secret". By using both to call the authentication API, you can use the SORACOM API as a SAM User.

Authentication Key

You can now use the created key for API authentication. Note that this Authentication Key will not be reissued, so be sure to keep it in a safe place.

Setting SAM User's Access Level

Setting the Access Level

Next, set the Access Level so this SAM User can access SORACOM.

On the SAM User setting screen, select [Set Access Level].

Setting the Console Login Password

There are two Access Levels. One is called "Direct designation (Inline access)" and the other is "Role."

Direct designation enables the SAM User's access level to be set directly. With Role, a role preset with an Access Level can be linked to a SAM User to set the Access Level.

Here, you will set the access level directly.

The access level can be set by writing the "Permission syntax" in the JSON format syntax. For example, to create a user authorized to only display the SIM list, use the syntax below.

Display Only SIM List

This method makes it flexible to set the SAM User's Access Level.
For details on using the permission syntax, see #permission syntax details. Also, for setting the Access Level using Role, see #Setting access using Role.

Console Login by a SAM User

With the procedure above, a SAM User who can log into the console has been created.You can log into the User Console on the login screen.

On the login screen, click on [Login as SAM User].

To SAM User Login

To login, the following is required: Operator ID, SAM Username, and Console Login Password.

To SAM User Login

For the SAM Username and Console Login Password, use the ones created above.

The Operator ID starts with "OP". It is assigned to each operator.

If you do not know the Operator ID, login as an operator, then check the ID on the menu on the upper right.

To SAM User Login

Getting Started

SORACOM Air for Cellular

SORACOM Air for Sigfox


SORACOM Canal/Direct/Door





SORACOM Inventory

SORACOM Junction



Service Detail

Developer Tools