Accounts in Yandex Cloud
Yandex Cloud uses Yandex accounts, service accounts, and federated accounts.
Note
Billing accounts are not used for managing resources in Yandex Cloud and are not part of IAM. For more information, see Billing account in the Yandex Cloud Billing documentation.
Yandex account
Yandex account: Your Yandex
- If you do not need to set up access permissions for your applications. Otherwise, use a service account.
- For smaller teams if you did not set up an identity federation in your organization (e.g., with Active Directory or Google Workspace). Otherwise, use federated accounts.
To better safeguard your resources from unauthorized access, enable Yandex ID two-factor authentication
Federated accounts
A federated account is a user account from an identity federation, e.g., Active Directory.
With identity federations, a business can enable single sign-on to Yandex Cloud via their server. This allows the company employees use their corporate accounts to access Yandex Cloud.
Use federated accounts if you need to grant Yandex Cloud access to a large number of employees.
For more information, see SAML-compatible identity federations.
Service account
A service account is an account that can be used by a program to manage resources in Yandex Cloud.
Service accounts allow you to set up flexible access to your resources and minimize risks associated with excessive permissions. Use this account type for your applications, YC CLI, Terraform, and Yandex Cloud API. For more information, see Service accounts.