Create and manage organizations

An organization is the top-level entity in the Kakao Cloud resource hierarchy and represents a company or group unit.
Based on the organization, you can create multiple projects and assign roles to users to finely control access to resources.

Create organization

Follow the steps below to create an organization account in Kakao Cloud.

Role information

• The first user who creates an organization is automatically designated as the Organization Owner, and is granted two default roles: Organization Admin and Billing Admin.
• For detailed permissions for each role, refer to the Organization roles documentation.

1. Go to the Kakao Cloud website and click Sign up.

   Sign-up path	URL
   [Sign up] at the top of the Kakao Cloud portal	https://account.kakaocloud.com/signup

2. Agree to all required terms and click Next.

3. Enter the required account information and click Next.

4. Enter the name of your cloud organization and the information of the designated organization owner, then click Submit.

   Field	Description
   Cloud organization name	The name of your Kakao Cloud organization – Required for all users (including administrators) to log in to the console
   Administrator name	The name of the user who will be assigned as the Organization Owner
   Administrator email	The email address used as the login ID for the organization owner
   Administrator phone number	The mobile phone number of the organization owner

5. Check the Organization invitation and password setup email sent to the provided address, and click Set password.

   • The password must be set within 7 days of receiving the email to access the console.

6. On the Set password page, enter your password and click Register password.

7. Go to the Kakao Cloud Console, enter the organization name, and click Next.

8. Enter your cloud account ID (email) and password, then click Log in to access the console.

Set organization login

Kakao Cloud supports two login methods for organizations.
You can set the login method in the IAM > Organization Management > Login settings tab.
The selected method applies to all members of the organization.

• Cloud account login: Uses Kakao Cloud’s native login system with email and password.
  This method supports two-factor authentication (email, phone, or OTP) for enhanced security.
• IdP integration login: Allows users to log in using an external Identity Provider (IdP) such as Azure AD.
  Two-factor authentication settings in Kakao Cloud are not available in this mode.

Role information

To set organization login settings, you must have the Organization Admin or IAM Organization Admin role.

Cloud account login

This is the default login method provided by Kakao Cloud.
It is set automatically when the organization is created, and users can log in to the console using their email and password.

Users can manage their email, contact information, and two-factor authentication settings from the Profile > Account information page in the console.

Set two-factor authentication

To enhance security, you can enable two-factor authentication (2FA) using email, phone, or OTP.
2FA is available only for the Cloud account login method and applies to all users in the organization.

1. In the Kakao Cloud Console, go to IAM > Organization Management.
2. In the Login settings tab, click Edit login settings.
   Only users with the Organization Admin role can perform this action.
3. On the settings page, select Cloud account as the login type and enable Two-factor authentication, then click Save.
4. After saving, two-factor authentication is applied to all users when logging in.
5. Re-login to the Kakao Cloud Console to verify that 2FA works properly.
   Users must enter a verification code sent to their email, phone, or an OTP generated by an authenticator app.

IdP integration

By integrating an Identity Provider (IdP), users can log in to the Kakao Cloud Console using their external authentication accounts.
This enables consistent application of enterprise security policies (e.g., MFA, account rules) and centralized identity management.

info

• Two-factor authentication and other cloud-account-based features are not available when using external IdP login.
• Before setting up IdP integration, ensure the following:
  • Organization creation is complete.
  • The Organization Admin has registered a Kakao Cloud password and can log in to the console.
  • Azure AD tenant, user, and app registration information is available.

caution

Once the login account is configured to use an IdP, it cannot be switched back to a Kakao Cloud account.
If you need to revert to the cloud account method, contact the Help Desk.

Currently, Kakao Cloud officially supports Azure AD-based OAuth and SAML integration.

OAuth integration

IdP OAuth integration

OAuth integration verifies user credentials through the external IdP using the OAuth 2.0 authentication protocol.

Step 1. Obtain integration information from Azure AD

Register an application in the Azure portal and obtain the authentication details.

The Client ID, Client Secret, Authorization URL, and Token URL will be entered in
Kakao Cloud Console > IAM > Login settings to complete the integration.

tip

For detailed guidance, see Microsoft documentation:
Microsoft identity platform and OAuth 2.0 authorization code flow and
Quickstart: Register an application.

1. Log in to the Azure AD Portal, open the left menu, and select Azure Active Directory.

2. Go to Manage > App registrations and click New registration.

3. Register Kakao Cloud as an application.

4. In the Register an application form, enter the redirect URI where authentication responses will be sent.

   Field	Description
   Name	Enter kakaocloud (this will appear as the application name).
   Supported account types	Select Accounts in this organizational directory only.
   Redirect URI	Type: Web URI: https://iam.kakaocloud.com/auth/oidc/callback

5. Copy the Application (client) ID from the overview page.

6. Click Endpoints, then copy the following from OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2).

   Endpoint	Description
   OAuth 2.0 authorization endpoint (v2)	Enter in the Authorization URL field in Kakao Cloud.
   OAuth 2.0 token endpoint (v2)	Enter in the Token URL field in Kakao Cloud.

7. To generate a Client Secret, go to Certificates & secrets > Client secrets, and click New client secret.

8. Copy the generated secret value immediately, as it will not be visible after leaving the page.

Step 2. Register the IdP in Kakao Cloud

Use the integration information from Azure AD to register an external IdP in Kakao Cloud.
After registration, members of the organization can log in using the external IdP account.

1. In the Kakao Cloud Console, go to IAM > Organization Management.

2. In the Login settings tab, click Edit login settings.

3. On the details page, select the IdP account option and enter the integration details.

   Field	Description
   Protocol	Select OIDC (OAuth 2.0)
   Identity Provider	Select Azure Active Directory
   Authorization method	Select POST body
   Authorization URL	Enter the OAuth 2.0 authorization endpoint (v2)
   Token URL	Enter the OAuth 2.0 token endpoint (v2)
   Client ID	Enter the Application (client) ID
   Client Secret	Enter the client secret value

4. Perform an integration test by logging in through the external IdP screen.
   If successful, click Save and verify that IdP appears as the login method in the Login settings tab.

Step 3. Log in to the Kakao Cloud Console

After IdP integration, users log in to Kakao Cloud using their external IdP credentials.

info

When logged in via IdP, the Kakao Cloud account is deactivated.

1. Log out of your current Kakao Cloud account.
2. On the Kakao Cloud Console login page, enter your organization name and click Next.
3. On the Microsoft Azure login screen, select your Azure AD account and log in.
4. Confirm that you are redirected to the Kakao Cloud Console successfully.

SAML integration

IdP SAML integration

SAML integration verifies user credentials through the external IdP using the SAML 2.0 authentication protocol.

Step 1. Obtain integration information from Azure AD

Register an application in the Azure portal and obtain the Entity ID and Federation Metadata URL to use in
Kakao Cloud Console > IAM > Login settings.

Step 2. Register the IdP in Kakao Cloud

Use the information from Azure AD to register an external IdP in Kakao Cloud.

Field	Description
Protocol	Select SAML 2.0
Identity Provider	Select Azure Active Directory
Certificate files	Upload Public key (.crt) and Private key (.key) files
Federation Metadata URL	Enter the Federation Metadata URL from Azure AD
Entity ID (App ID)	Enter the Application (client) ID

After saving, test the integration by logging in with the external IdP credentials, then confirm that IdP appears as the login method in the Login settings tab.

Step 3. Log in to the Kakao Cloud Console

Log in using your Azure AD account credentials and confirm access to the Kakao Cloud Console.

Set organization security

Kakao Cloud provides several features to strengthen console access security.
Go to Kakao Cloud Console > IAM > Organization Management > Security settings to set security settings that apply to the entire organization.

Role information

To set security settings, you must have the Organization Admin or IAM Organization Admin role.

Set password expiration

You can enhance account security by enforcing periodic password changes.
After the defined period passes since the last password change, users must reset their password to access the console.

info

Password expiration settings are applied immediately to all users in the organization.

Field	Description
Password expiration period	Set the cycle for mandatory password changes. - Select from 60/90/120/180 days, or specify a custom period (30–180 days).

Set session timeout

Set a session timeout duration to automatically log users out after a period of inactivity.

Field	Description
Session timeout	Select from 10/30/60/180 minutes, or specify a custom period (5–720 minutes).

Set console access control

Restrict console access by IP address to prevent unauthorized access.

info

• Console access control applies immediately to all users after saving.
• All console access will be blocked except for registered IPs, so double-check the allowed IP list before applying.

Field	Description
IP address	Enter the IP addresses allowed to access the Kakao Cloud Console. - Up to 20 entries allowed. - Must specify up to the a.b.c.d class (subnet masks not supported).
IP description	Optional description for identifying the registered IP.

Request organization deletion

The Organization Owner can request deletion of an organization that is no longer needed.
Before doing so, you must delete all resources and user accounts belonging to the organization.

caution

When an organization is deleted, all related projects and resources are permanently removed and cannot be recovered. Proceed with caution.

1. In IAM > Users, delete all users except the Organization Owner.
2. In IAM > Projects, delete all projects belonging to the organization.
3. Go to the Billing service and check any outstanding payments.
4. Once all dues are cleared, go to IAM > Organization Management and click Delete organization.
5. In the Request organization deletion popup, review the information, check the confirmation box, and click Request deletion.
6. Verify that the deletion request has been submitted successfully in the Login settings tab.