Getting started with Cloud Organization
To get started, create an organization and add users to it.
Organization is a workspace that combines different types of Yandex Cloud resources and users. Learn more about organizations, resources, and users.
You can manage organization settings in the Organization section of the Cloud Center interface.
Before getting started with Yandex Cloud Organization, log in to your Yandex account. If you do not have an account, create one.
Create an organization
-
Go to Yandex Cloud Organization.
-
Read the Yandex Cloud terms of use and click Log in.
-
Enter your company name and description.
-
Click Create new organization.
After registering, you become the organization owner. You will be able to manage employee accounts, as well as connect and disable services.
Add employees
To grant your employees access to the organization's services, connect them using their Yandex accounts. If your company already uses a different account management system (such as Active Directory or Google Workspace), configure an identity federation so that your employees can use their work accounts to access Yandex Cloud services.
Connect employees with Yandex accounts
If your employees have Yandex accounts, e.g., login@yandex.com, they can use them to access Yandex Cloud services enabled in your organization.
To connect employees with Yandex accounts:
-
Go to Yandex Cloud Organization.
-
In the left-hand panel, select Users.
-
In the top-right corner, click Invite users.
-
Enter the email addresses of the users you want to invite to the organization (e.g.,
login@yandex.com).You can send invitations to any email address. Invited users will be able to select the appropriate Yandex account once they accept the invitation.
-
Click Send invitation.
The users will be connected to the organization upon accepting the invitation via the emailed link and selecting an account for log-in.
Configure an identity federation
An identity federation is a technology that allows you to implement a Single Sign-On (SSO) authentication scheme and use corporate accounts to log in to Yandex Cloud Organization. In this case, your corporate account management system acts as an identity provider (IdP).
To configure your identity federation, follow these steps:
-
Set up the configurations in Yandex Cloud:
Cloud Center interface-
Go to Yandex Cloud Organization.
-
In the left-hand panel, select Federations.
-
Click Create federation in the top-right corner of the page. In the window that opens:
-
Enter the federation name and description.
-
In the Cookie lifetime field, specify the time before the browser asks the user to re-authenticate.
-
In the IdP Issuer field, specify the IdP server ID to use for authentication. While authenticating the user, the IdP server must send the same ID in its response to Cloud Organization.
Note
ID format depends on the type of IdP server you use (for example, Active Directory or Google Workspace).
-
In the Single Sign-On method field, choose POST.
-
In the Link to the IdP login page field, specify the address of the page to which the browser redirects the user for authentication.
-
Enable Automatically create users to add authenticated users to your organization automatically.
If you do not enable this option, you will need to manually add your federated users.
-
Click Create federation.
-
-
-
Configure the identity provider's server to transmit successful authentication information and user attributes to Yandex Cloud.
User attributes supported by Yandex Cloud Organization services are listed in identity federation setup guides for different identity providers: