Create and manage organization

An organization is at the top of the KakaoCloud resource hierarchy and represents a company or an organization. The organization creation and management tasks described in this document are available only to members who have been granted the corresponding IAM roles.

Create organization and set up log-in

To create an organization account in KakaoCloud, follow the steps below:

  1. Visit the KakaoCloud website and click the [Sign Up] button.

    Sign-up path | URL
    [Sign Up] at the top of the KakaoCloud portal | https://account.kakaocloud.com/signup
  2. Agree to all required terms and click [Next].

  3. Enter the required user information to create your KakaoCloud account and click [Next].

  4. Enter the cloud organization name and the contact details of the person who will be the organization owner, then click [Complete].

    Field | Description
    Cloud organization name | The name to be used for the KakaoCloud organization; required for all users, including admins, when accessing the console
    Contact name | Name of the person who will be the organization owner
    Contact email | Email address of the organization owner; used as the login ID
    Contact mobile number | Mobile phone number of the contact person
  5. Open the organization invitation and password setup guide email sent to the contact's email address and click the [Set password] button.

    • The initial password must be set within 7 days of receiving the email to log into the console.
  6. On the Set password page, enter the password and click [Set password].

  7. Go to the KakaoCloud Console, enter your organization name, and click [Next].

  8. Enter your cloud account ID (email) and password, then click [Log In] to access the console.

info

The user who creates the initial cloud organization is designated as the Organization Owner and is granted the Org Admin and Billing Admin roles.

Set organization login

KakaoCloud provides login security features to enhance user account protection.

Organization login setting permissions

Feature | Org Admin | Org Reader | Project Admin | Project Member | Project Reader
IdP integration
2FA configuration

Go to IAM > Organization Management > Login Settings to view and configure login account and security features for the organization.

Integrate IdP

The IdP (Identity Provider) integration feature allows users to log into KakaoCloud using an external IdP account. Unlike logging in with a KakaoCloud account, this method uses the authentication provided by the IdP to access the KakaoCloud Console. Currently, only credentials from Azure AD are supported.

info
  • KakaoCloud currently supports Azure AD credentials only.
  • Some account features may be limited when using an external IdP to access KakaoCloud.
  • To integrate with IdP, the following conditions must be met:
    • Organization creation must be completed.
    • The org admin must have registered a password and be able to log in with a KakaoCloud account.
    • You must have created an Azure AD tenant and registered users.

caution

Once you set the login account to IdP, it cannot be reverted to a KakaoCloud account. Proceed with caution.

IdP OAuth integration

Step 1. Issue integration details from Azure AD

Azure AD is an external IdP provided by Microsoft. To integrate it as an IdP, you must register an app in Azure AD and obtain the following four pieces of information: Client ID, Client Secret, Authorization URL, and Token URL. These are used to register IdP settings in KakaoCloud Console > IAM > Login Settings.

Refer to Microsoft documentation for detailed guidance:

  1. Log in to the Azure AD Portal, then click the menu icon in the upper-left corner and go to the Azure Active Directory menu.

    Figure. Azure Active Directory

  2. In Azure Active Directory, go to Manage > App registrations.

    Figure. App registrations

  3. To register KakaoCloud as an app, click New registration.

    Figure. New registration

  4. In Register an application, fill out the details so the authentication response is returned to the URI after the user is authenticated.

    Figure. Register an application

    Field | Description
    Name | Enter kakaocloud (this will be displayed as the application name)
    Supported account types | Select Accounts in this organizational directory only to restrict login to a specific tenant
    Redirect URI (optional) | Type: Select Web; Redirect URI: Enter the fixed URI https://iam.kakaocloud.com/auth/oidc/callback
  5. On the Overview page, copy the Application (client) ID, which is your Client ID, to your clipboard.

    Figure. App overview

  6. Click Endpoints, then copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) to your clipboard.

    Figure. Copy endpoint information

    Endpoint Info | Description
    OAuth 2.0 authorization endpoint (v2) | Used as the Authorization URL when registering the IdP
    OAuth 2.0 token endpoint (v2) | Used as the Token URL when registering the IdP
  7. To generate a Client Secret, click Certificates & secrets and select New client secret.

    Figure. Add a certificate or secret

  8. Under the Client secrets tab, click New client secret to create a new secret.

    • The client secret will be valid only during the expiration period you set. You can log into the KakaoCloud Console only within that timeframe.

    Figure. Add client secret

  9. Copy the Value of the newly created client secret to your clipboard.

    • Once you leave the screen, you won’t be able to view the client secret again. Be sure to copy and store it securely.

    Figure. Copy client secret value

  10. After completing the above steps, you will have acquired the following four values: Client ID, Client Secret, Authorization URL, and Token URL. These values are used when registering the IdP in your login settings.
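The four values from Step 1 can be sanity-checked before they are entered in Login Settings, which matters because the login account type cannot be reverted once it is set to IdP. The following Python check is an added example, not KakaoCloud or Microsoft code; the function names, the 30-day warning threshold, the global-cloud host login.microsoftonline.com and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
SHARED_TENANTS = {"common", "organizations", "consumers"}  # multi-tenant aliases
AAD_HOST = "login.microsoftonline.com"  # assumption: global Azure cloud

def check_endpoint(label, url, suffix):
    """Return (tenant, problems) for one OAuth 2.0 v2 endpoint URL."""
    parts, problems = urlsplit(url.strip()), []
    if parts.scheme != "https" or parts.hostname != AAD_HOST:
        problems.append(f"{label}: expected https://{AAD_HOST}/...")
    tenant, _, rest = parts.path.strip("/").partition("/")
    if rest != suffix:
        problems.append(f"{label}: path does not end in {suffix}")
    if tenant.lower() in SHARED_TENANTS:
        problems.append(f"{label}: '{tenant}' is not a single tenant")
    return tenant.lower(), problems

def preflight(client_id, client_secret, auth_url, token_url,
              secret_expires, today, warn_days=30):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    if not GUID.match(client_id):
        problems.append("Client ID: not a GUID")
    if GUID.match(client_secret):
        # The secret's ID is a GUID; the Value shown next to it is what must be copied.
        problems.append("Client Secret: looks like the secret ID, not its Value")
    auth_tenant, p1 = check_endpoint("Authorization URL", auth_url, "oauth2/v2.0/authorize")
    token_tenant, p2 = check_endpoint("Token URL", token_url, "oauth2/v2.0/token")
    problems += p1 + p2
    if auth_tenant != token_tenant:
        problems.append("Authorization URL and Token URL name different tenants")
    days_left = (secret_expires - today).days
    if days_left < warn_days:
        problems.append(f"Client Secret: expires in {days_left} days; IdP login stops then")
    return problems

# Constructed sample values (not real identifiers).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://{AAD_HOST}/{TENANT}/oauth2/v2.0"
GOOD = dict(client_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
            client_secret="constructed-secret-value",
            auth_url=f"{BASE}/authorize", token_url=f"{BASE}/token",
            secret_expires=date(2026, 1, 1), today=date(2025, 1, 1))

if __name__ == "__main__":
    print(preflight(**GOOD) or "no problems found")
```

Record the expiry date chosen for the client secret alongside the result, since console login through the IdP works only while that secret is valid.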

Step 2. Register the IdP

After acquiring the integration details, register the Identity Provider (IdP) before using an external identity account to log in to the KakaoCloud Console.

  1. Go to the KakaoCloud Console > IAM > Organization Management.

  2. The Org Administrator clicks the [Login Settings] button under the Login Settings tab.

  3. On the login settings details page, review the login account information and select the account type to be used.

    • If you select the IdP account, enter the integration protocol and information acquired in Step 1.
    Field | Type | Description
    Integration protocol |  | Select OIDC (OAuth 2.0)
    Integration Info | IdP (Identity Provider) | Select Azure Active Directory
    Integration Info | Authorization integration type | Select POST body
    Integration Info | Authorization URL | Enter the OAuth 2.0 authorization endpoint (v2) acquired earlier
    Integration Info | Token URL | Enter the OAuth 2.0 token endpoint (v2) acquired earlier
    Integration Info | Client ID | Enter the Application (Client) ID
    Integration Info | Client Secret | Enter the value of the client secret
  4. Test the IdP integration.

    • Enter your ID and password on the identity provider's login screen. If the integration is successful, the test completes.

      Figure. Integration test complete

  5. Once the test is successful, click [Save]. Then, confirm that the login account type has been updated to IdP on the Login Settings tab in Organization Management.

Step 3. Log in to the KakaoCloud Console

Change your existing login account to the external identity provider account integrated via IdP.

info

Once you log in with the IdP-integrated account, your KakaoCloud account will be deactivated.

  1. Go to the KakaoCloud Console and log out from your existing KakaoCloud account.

  2. On the KakaoCloud > Console Login page, enter your organization name and click [Next].

  3. Under Microsoft Azure Login > Select Account, choose the Azure AD account integrated with the IdP.

    Figure. Azure AD account

  4. Enter the password configured during IdP integration and click [Login]. Verify that you are successfully redirected to the KakaoCloud Console.

    Figure. Azure AD login

IdP SAML integration

Step 1. Issue integration info from Azure AD

Azure AD is an external identity provider offered by Microsoft. To integrate IdP via Azure AD, you must obtain two pieces of information: Entity ID and Federation Metadata URL. These values are used in KakaoCloud Console > IAM > Login Settings when registering the IdP.

For more details, refer to Microsoft documentation on SAML protocol support in the Microsoft identity platform and Quickstart: Register an application with the Microsoft identity platform.

  1. Log in to the Azure AD Portal, then click the menu icon in the upper-left corner and go to the Azure Active Directory menu.

    Figure. Azure Active Directory

  2. In Azure Active Directory, go to Manage > App registrations.

    Figure. App registrations

  3. To register KakaoCloud as an app, click New registration.

    Figure. New registration

  4. In Register an application, configure the redirect URI so that authentication responses are returned to it.

    Figure. Register an application

    Field | Description
    Name | Enter kakaocloud (this will appear as the application name)
    Supported account types | Select Accounts in this organizational directory only
    Redirect URI (optional) | Type: Select Web; Redirect URI: Enter the fixed URI https://iam.kakaocloud.com/auth/saml/acs
  5. On the Overview page, copy the Application (client) ID as your Entity ID.

    Figure. App overview

  6. Click Endpoints, then copy the Federation metadata document URL.

    Figure. Copy endpoint info

    Endpoint Info | Description
    Federation Metadata Document | Used as the Federation Metadata URL during IdP registration
  7. After completing the steps above, you will have acquired two values: Entity ID and Federation Metadata URL. These will be used when registering the IdP in login settings.

Step 2. Register the IdP

After acquiring the integration details, register the Identity Provider (IdP) before using an external identity account to log in to the KakaoCloud Console.

  1. Go to the KakaoCloud Console > IAM > Organization Management.

  2. The Org Administrator clicks the [Login Settings] button under the Login Settings tab.

  3. On the login settings details page, review the login account information and select the account type to be used.

    • If you select the IdP account, refer to the integration details acquired in Step 1 and enter the information below.
    Field | Type | Description
    Integration protocol |  | Select SAML 2.0
    Integration info | IdP (Identity Provider) | Select Azure Active Directory
    Integration info | Certificate files | Upload the public key certificate file (.crt) and private key file (.key)
    Integration info | Federation Metadata URL | Enter the URL obtained from the federation metadata document
    Integration info | Entity ID (App ID) | Enter the Application (Client) ID
  4. Test the IdP integration.

    • On the login screen of the external identity provider, enter your ID and password. If the login succeeds, the test completes.

    Figure. Integration test complete

  5. Once the test is successful, click [Save]. Then, confirm that the login account type has been updated to IdP on the Login Settings tab in Organization Management.

Step 3. Log in to the KakaoCloud Console

Change your existing login account to the external identity provider account integrated via IdP.

info

When logging in with an IdP-integrated account, your KakaoCloud account will be deactivated.

  1. Go to the KakaoCloud Console and log out from your current KakaoCloud account.

  2. On the KakaoCloud > Console Login page, enter your organization name and click [Next].

  3. Under Microsoft Azure Login > Select Account, choose the Azure AD account integrated with the IdP.

    Figure. Azure AD account

  4. Enter the password configured during IdP integration and click [Login]. Make sure that you are redirected to the KakaoCloud Console.

    Figure. Azure AD login

Enable two-factor authentication

You can enable two-factor authentication (2FA) to enhance account security by requiring additional verification via email or mobile phone number when logging in to the KakaoCloud Console.
Two-factor authentication is only available for organizations that use the Cloud Account Login method.

caution

Organizations using IdP integration cannot enable two-factor authentication.

  1. Go to the KakaoCloud Console > IAM > Organization Management.
  2. In the Login Settings tab, click the [Login Settings] button. Only Org Admins can configure this setting.
  3. On the login settings page, select "Cloud Account" as the login method and set two-factor authentication to "Enabled", then click [Save].
  4. Log in to the KakaoCloud Console again to verify that two-factor authentication works as expected. A verification code will be sent to the user's email or mobile phone, which must be entered to complete login.

info
  • If a mobile phone number is not registered, mobile phone verification will be disabled.
  • To enable mobile phone verification, users must register their phone number by going to their profile > Account Information after logging into the console.

Set organization security

KakaoCloud provides features to enhance the security of users accessing the console.

You can view and configure security settings that apply to the entire organization in the IAM > Organization Management > Security Settings tab.

Security settings permissions by IAM role

Feature | Org Admin | Org Reader | Project Admin | Project Member | Project Reader
Set password expiration
Set session timeout
Configure console access control

Set password expiration

You can strengthen account security by requiring all users in the organization to change their password at a defined interval.
After the password expiration period, users must set a new password to log in to the KakaoCloud Console.

info
  • Once enabled, password expiration settings apply to all users in the organization.
  • The expiration period is calculated based on the last date the user set or changed their password.

  1. Go to the KakaoCloud Console > IAM > Organization Management.

  2. In the Security Settings tab, click the [Security Settings] button.

  3. Enable password expiration and choose the desired expiration period, then click [Save].

    Item | Description
    Password expiration period | Interval for requiring a new password; choose from 60/90/120/180 days; custom intervals (30–180 days) are also supported

Set session timeout

You can enhance security by automatically logging users out after a period of inactivity on the console.

  1. Go to the KakaoCloud Console > IAM > Organization Management.

  2. In the Security Settings tab, click the [Security Settings] button.

  3. Set the session timeout period.

    Item | Description
    Session timeout | Choose from 10/30/60/180 minutes; you can also enter a custom time (between 5–720 minutes)

Control console access

You can restrict access to the KakaoCloud Console based on IP address to prevent usage from unauthorized locations.
Only users with the proper IAM role can configure console access control.

info
  • Console access control settings apply to all users immediately upon configuration.
    Any IP address not registered as allowed will be denied access to the console.

  1. Go to the KakaoCloud Console > IAM > Organization Management.

  2. In the Security Settings tab, click the [Security Settings] button.

  3. Enable console access control and register allowed IP addresses, then click [Save].

    Item | Description
    IP address | Enter the IP address allowed to access the KakaoCloud Console; up to 20 entries; enter full IPs in a.b.c.d format (CIDR not supported)
    IP description | Description for managing the registered IP address
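Because the allowlist takes effect for all users as soon as it is saved, accepts only single a.b.c.d addresses and holds at most 20 entries, it is worth checking the planned list offline first. The following Python check is an added example, not KakaoCloud code; the function name, the admin_ip parameter, the treatment of private addresses and the sample plan are assumptions constructed for illustration.

```python
import ipaddress

MAX_ENTRIES = 20  # per-organization limit stated on this page
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_allowlist(sources, admin_ip):
    """Expand planned sources into single a.b.c.d entries.

    Returns (entries, problems). CIDR is not accepted by the console, so each
    small range is expanded to one entry per address.
    """
    entries, problems = [], []
    for src in sources:
        try:
            net = ipaddress.ip_network(src.strip(), strict=False)
        except ValueError:
            problems.append(f"{src}: not a valid address or range")
            continue
        if net.version != 4:
            problems.append(f"{src}: only IPv4 a.b.c.d entries are accepted")
        elif net.num_addresses > MAX_ENTRIES:
            problems.append(f"{src}: {net.num_addresses} addresses exceed {MAX_ENTRIES} entries")
        elif any(net.overlaps(private) for private in RFC1918):
            # Assumption: the console sees the public egress address, so a
            # private address would never match.
            problems.append(f"{src}: private (RFC 1918) address")
        else:
            for addr in net:
                if str(addr) not in entries:
                    entries.append(str(addr))
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    if str(ipaddress.ip_address(admin_ip)) not in entries:
        # The setting applies immediately to all users, including the admin saving it.
        problems.append(f"{admin_ip}: admin egress IP missing; saving would lock you out")
    return entries, problems

# Constructed sample plan using documentation address ranges.
PLAN = ["203.0.113.10", "198.51.100.8/30", "192.168.1.5",
        "203.0.113.10", "2001:db8::1", "198.51.100.0/24"]

if __name__ == "__main__":
    entries, problems = build_allowlist(PLAN, admin_ip="198.51.100.9")
    print("\n".join(entries + problems))
```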

Request organization deletion

The Organization Owner can request deletion of the organization if it is no longer needed.
Before submitting a deletion request, you must delete all resources and user accounts associated with the organization.

caution

Once deleted, all projects, resources, and information in the organization will be permanently removed and cannot be restored.

  1. Go to the KakaoCloud Console > IAM > Users menu.

  2. Delete all users except for the Organization Owner.

  3. In the Projects menu, delete all projects associated with the organization.

  4. Go to the Billing service and check outstanding fees under the Billing menu, then pay all charges.

  5. After completing the above steps, click the [Request Organization Deletion] button at the top of the IAM > Organization Management page.

  6. In the Organization Deletion Request popup, review the checklist, check the confirmation box, and click [Request Deletion].

  7. You can confirm that the deletion request has been submitted in the Login Settings tab of IAM > Organization Management.