© 2025 Direct Cursus Technology L.L.C.
Inviting a new user and assigning roles

Written by
Yandex Cloud
Updated at September 10, 2025
  • Required paid resources
  • Prepare Yandex Cloud
  • Set up the infrastructure
  • Invite the user to the organization and assign roles
    • Send an invitation to the user
    • Assign the user a role for a cloud
    • Assign the user a role for the folder
  • User actions
    • Accept the invitation to the organization
    • Check access to the cloud
    • Check access to the folder
  • Delete the resources you created

In this tutorial, you will learn how to invite a new user to your organization and grant them permissions to create a VM in a folder. The tutorial includes instructions for both the administrator and the user. For the steps the user must complete, see User actions.

To invite a user to your organization and grant them access to a folder and other resources:

  1. Prepare Yandex Cloud.
  2. Set up your infrastructure.
  3. Invite the user to the organization and assign roles.
  4. Make sure the user has accepted the invitation and can access the resources.

If you no longer need the paid resources you created, delete them.

Required paid resources

The cost of infrastructure support includes fees for computing resources, the OS, storage, outgoing traffic, and the VM's public IP address (see Yandex Compute Cloud pricing).

Prepare Yandex Cloud

Sign up for Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or create a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

Set up the infrastructure

An organization is a workspace that consolidates various types of Yandex Cloud resources and users. Any Yandex user can create an organization in Yandex Identity Hub. After you create an organization, you become its owner and can manage its settings.

To create an organization, follow these steps:

  1. Go to Yandex Identity Hub.

    Your next steps will depend on whether you are a member of any organization in Yandex Identity Hub.

  2. Create an organization:

    If you are not yet a member of an organization in Yandex Identity Hub, when clicking the link, you will be prompted to create a new organization:

    1. Enter your organization name, e.g., Example organization.
    2. Click Create a new organization.

    If you are currently a member of an organization in Yandex Identity Hub, when clicking the link, you will see the Yandex Identity Hub interface in Cloud Center.

    To avoid tampering with the infrastructure in existing organizations, create a new organization:

    1. In the top-left corner, next to the organization name, click and select Create organization.
    2. In the window that opens, enter a name for the organization: Example organization.
    3. Click Create a new organization.

If you want to allocate isolated resources to a user within an organization:

  1. Create a cloud named testing in Example organization.

  2. Create a folder named test-folder in the testing cloud.

If the user does not need isolated resources, you can grant them access to existing clouds and folders, e.g., the default ones.

Invite the user to the organization and assign roles

Tip

To make sure the user gets all required permissions the first time they log in, assign roles immediately after sending the invitation. Once the invitation is accepted, you will be able to assign more roles or revoke those already assigned.

Send an invitation to the user

For the user to access Yandex Cloud resources, invite them to the organization you created:

Cloud Center UI
  1. Go to Yandex Identity Hub.

  2. In the left-hand panel, select Users.

  3. In the top-right corner, click Add user and select Invite users with a Yandex account.

  4. Enter the user's email.

    You can send invitations to any email address. Invited users will be able to select the appropriate Yandex account once they accept the invitation.

  5. Click Send invitation.

Assign the user a role for a cloud

Management console
  1. In the management console, select the testing cloud.
  2. Navigate to the Access bindings tab.
  3. Click Configure access.
  4. In the window that opens, select Invitee accounts.
  5. Select a user from the list or use the user search option.
  6. Click Add role and select the resource-manager.clouds.member role.
  7. Click Save.

Assign the user a role for the folder

Management console
  1. In the management console, navigate to test-folder.

  2. Navigate to the Access bindings tab.

  3. Click Configure access.

  4. In the window that opens, select Invitee accounts.

  5. Select a user from the list or use the user search option.

  6. Click Add role and select the compute.editor role.

    Tip

    You can also assign other roles depending on the actions you want to allow on folder resources. For the full list of roles, see the Yandex Identity and Access Management documentation.

  7. Click Save.

Then instruct the user to complete these steps.
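
To confirm that the invited user ended up with exactly the two roles assigned above and nothing broader, the access bindings of the cloud and the folder can be compared against the intended set. The script below is an added example, not part of the original tutorial or Yandex Cloud's own code. It assumes the bindings were exported as JSON, e.g., with yc resource-manager cloud list-access-bindings and yc resource-manager folder list-access-bindings using --format json, and that each entry carries role_id and subject.id fields; the user IDs and sample data are constructed placeholders.

```python
from __future__ import annotations
import json

# Roles this tutorial assigns to the invited user, per resource level.
EXPECTED = {
    "cloud": {"resource-manager.clouds.member"},
    "folder": {"compute.editor"},
}

def roles_for(bindings_json: str, subject_id: str) -> set[str]:
    """Return the role IDs bound directly to subject_id in one bindings dump."""
    roles = set()
    for b in json.loads(bindings_json):
        # Assumed field names: role_id and subject.id (snake_case JSON output).
        if b.get("subject", {}).get("id") == subject_id:
            roles.add(b["role_id"])
    return roles

def audit(dumps: dict[str, str], subject_id: str) -> dict[str, dict[str, list[str]]]:
    """Compare the user's actual roles with EXPECTED at each resource level."""
    report = {}
    for level, expected in EXPECTED.items():
        actual = roles_for(dumps.get(level, "[]"), subject_id)
        report[level] = {
            "missing": sorted(expected - actual),      # tutorial step was skipped
            "unexpected": sorted(actual - expected),   # more access than intended
        }
    return report

# Constructed sample data; the subject IDs are placeholders, not real accounts.
USER = "example-user-id"
SAMPLE = {
    "cloud": json.dumps([
        {"role_id": "resource-manager.clouds.member",
         "subject": {"id": USER, "type": "userAccount"}},
        {"role_id": "resource-manager.clouds.owner",
         "subject": {"id": "example-owner-id", "type": "userAccount"}},
    ]),
    "folder": json.dumps([
        {"role_id": "compute.editor", "subject": {"id": USER, "type": "userAccount"}},
        {"role_id": "admin", "subject": {"id": USER, "type": "userAccount"}},
    ]),
}

if __name__ == "__main__":
    for level, result in audit(SAMPLE, USER).items():
        print(level, result)
```

Roles are inherited from parent resources, so a binding at the organization or cloud level also applies inside test-folder. Review every level, not only the folder, when checking what the user can actually do.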

User actions

Accept the invitation to the organization

  1. In the invitation email, click Accept invitation.
  2. On the page that opens, click Accept.
  3. Select an account to log in.

You now have access to Example organization and its resources.

Check access to the cloud

Management console
  1. Go to the management console and click your profile image in the left-hand panel.

  2. Select Example organization.

  3. In the left-hand panel, select the testing cloud. You will see the list of cloud folders.

    This means you have access to the testing cloud.

Check access to the folder

Make sure you have access to test-folder. Once you open the folder, create a VM in it:

Management console
  1. Go to the management console and click your profile image in the left-hand panel.

  2. Select Example organization.

  3. In the left-hand panel, select test-folder.

  4. In the list of services, select Compute Cloud.

  5. Select Virtual machines.

  6. Click Create virtual machine and set the VM parameters:

    1. Select Basic setup.
    2. Under Operating systems and products, select Ubuntu 24.04 LTS.
    3. Under Computing resources, specify the computing resource configuration for the VM.
    4. Under Disks, specify the size and type of the disk.
    5. Enter the VM name.
    6. Set the Login of the VM administrator.
    7. In the SSH key field, click Add key. In the window that opens:
      1. Enter a Name for the SSH key.

      2. Under SSH key, select Enter manually, then upload or paste the contents of the public SSH key. You need to create a key pair for the SSH connection to the VM on your own.

      3. Click Add.

        The system will add the SSH key to your organization user profile.

        If, due to organization restrictions, you cannot add SSH keys to your user profile, the system will save the key to the VM user profile.

    8. Click Create VM.

If the VM is created successfully, you can access the cloud and use Compute Cloud resources. Report this to the administrator.

Delete the resources you created

If the user no longer needs the VM they created, delete it to avoid paying the fee.
