Create and manage organization
An organization is at the top of the KakaoCloud resource hierarchy and represents a company or an organization. Creating and managing an organization as described in this document is available only to members who have been granted the corresponding IAM roles.
Create organization and set up log-in
To create an organization account in KakaoCloud, follow the steps below:
- Visit the KakaoCloud website and click the [Sign Up] button.
  Sign-up path | URL |
  ---|---|
  [Sign Up] at the top of the KakaoCloud portal | https://account.kakaocloud.com/signup |
- Agree to all required terms and click [Next].
- Enter the required user information to create your KakaoCloud account and click [Next].
- Enter the cloud organization name and the contact details of the person who will be the organization owner, then click [Complete].
  Field | Description |
  ---|---|
  Cloud organization name | The name to be used for the KakaoCloud organization. Required for all users including admins when accessing the console |
  Contact name | Name of the person who will be the organization owner |
  Contact email | Email address of the organization owner. Used as the login ID |
  Contact mobile number | Mobile phone number of the contact person |
- Open the organization invitation and password setup guide email sent to the contact's email address and click the [Set password] button.
  - The initial password must be set within 7 days of receiving the email to log into the console.
- On the Set password page, enter the password and click [Set password].
- Go to the KakaoCloud Console, enter your organization name, and click [Next].
- Enter your cloud account ID (email) and password, then click [Log In] to access the console.
The user who creates the initial cloud organization is designated as the Organization Owner and is granted the Org Admin and Billing Admin roles.
Set organization login
KakaoCloud provides login security features to enhance user account protection.
Organization login setting permissions
Feature | Org Admin | Org Reader | Project Admin | Project Member | Project Reader |
---|---|---|---|---|---|
IdP integration | ✓ | | | | |
2FA configuration | ✓ | | | | |
Go to IAM > Organization Management > Login Settings to view and configure login account and security features for the organization.
Integrate IdP
The IdP (Identity Provider) integration feature allows users to log into KakaoCloud using an external IdP account. Unlike logging in with a KakaoCloud account, this method uses the authentication provided by the IdP to access the KakaoCloud Console. Currently, only credentials from Azure AD are supported.
- KakaoCloud currently supports Azure AD credentials only.
- Some account features may be limited when using an external IdP to access KakaoCloud.
- To integrate with IdP, the following conditions must be met:
  - Organization creation must be completed.
  - The org admin must have registered a password and be able to log in with a KakaoCloud account.
  - You must have created an Azure AD tenant and registered users.
Once you set the login account to IdP, it cannot be reverted to a KakaoCloud account. Proceed with caution.
IdP OAuth integration
Step 1. Issue integration details from Azure AD
Azure AD is an external IdP provided by Microsoft. To integrate it as an IdP, you must register an app in Azure AD and obtain the following four pieces of information: Client ID, Client Secret, Authorization URL, and Token URL. These are used to register IdP settings in KakaoCloud Console > IAM > Login Settings.
Refer to Microsoft documentation for detailed guidance:
- Microsoft identity platform and OAuth 2.0 authorization code flow
- Quickstart: Register an application with the Microsoft identity platform
- Log in to the Azure AD Portal, then click the menu icon in the upper-left corner and go to the Azure Active Directory menu.
- In Azure Active Directory, go to Manage > App registrations.
- To register KakaoCloud as an app, click New registration.
- In Register an application, fill out the details so the authentication response is returned to the URI after the user is authenticated.
  Field | Description |
  ---|---|
  Name | Enter kakaocloud (this will be displayed as the application name) |
  Supported account types | Select Accounts in this organizational directory only to restrict login to a specific tenant |
  Redirect URI (optional) | Type: Select Web. Redirect URI: Enter the fixed URI https://iam.kakaocloud.com/auth/oidc/callback |
- On the Overview page, copy the Application (client) ID, which is your Client ID, to your clipboard.
- Click Endpoints, then copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) to your clipboard.
  Endpoint Info | Description |
  ---|---|
  OAuth 2.0 authorization endpoint (v2) | Used as the Authorization URL when registering the IdP |
  OAuth 2.0 token endpoint (v2) | Used as the Token URL when registering the IdP |
- To generate a Client Secret, click Certificates & secrets and select New client secret.
- Under the Client secrets tab, click New client secret to create a new secret.
  - The client secret will be valid only during the expiration period you set. You can log into the KakaoCloud Console only within that timeframe.
- Copy the Value of the newly created client secret to your clipboard.
  - Once you leave the screen, you won't be able to view the client secret again. Be sure to copy and store it securely.
- After completing the above steps, you will have acquired the following four values: Client ID, Client Secret, Authorization URL, and Token URL. These values are used when registering the IdP in your login settings.
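The following Python check is an added example, not part of KakaoCloud's or Microsoft's documentation. It validates the values collected in Step 1 before they are entered in Login Settings, assuming the global Azure cloud host login.microsoftonline.com and a secret expiry date that you noted when creating the secret; the function names and the 30-day warning window are illustrative.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Assumption: global Azure cloud; national clouds use a different login host.
LOGIN_HOST = "login.microsoftonline.com"
GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Shared path segments that do not name a single directory (tenant).
SHARED_TENANTS = {"common", "organizations", "consumers"}


def endpoint_tenant(url, suffix):
    """Return the tenant segment of a v2 endpoint URL, or None if malformed."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != LOGIN_HOST:
        return None
    m = re.fullmatch(r"/([^/]+)/oauth2/v2\.0/" + suffix, parts.path)
    return m.group(1) if m else None


def check_idp_values(client_id, auth_url, token_url, secret_expires, today,
                     warn_days=30):
    """Return a list of problems found in the values collected in Step 1."""
    problems = []
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    auth_tenant = endpoint_tenant(auth_url, "authorize")
    token_tenant = endpoint_tenant(token_url, "token")
    if auth_tenant is None:
        problems.append("authorization URL is not an HTTPS v2 authorize endpoint")
    if token_tenant is None:
        problems.append("token URL is not an HTTPS v2 token endpoint")
    if auth_tenant and token_tenant and auth_tenant != token_tenant:
        problems.append("authorization and token URLs name different tenants")
    if {auth_tenant, token_tenant} & SHARED_TENANTS:
        problems.append("endpoint uses a shared tenant, not this directory")
    days_left = (secret_expires - today).days
    if days_left < 0:
        problems.append("client secret has expired")
    elif days_left < warn_days:
        problems.append(f"client secret expires in {days_left} days")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    base = f"https://{LOGIN_HOST}/{tenant}/oauth2/v2.0/"
    print(check_idp_values("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", base + "authorize",
                           base + "token", date(2026, 1, 31), date(2026, 1, 10)))
```

Because console login works only while the client secret is valid, running the expiry part of this check on a schedule gives advance notice to rotate the secret.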
Step 2. Register the IdP
After acquiring the integration details, register the Identity Provider (IdP) before using an external identity account to log in to the KakaoCloud Console.
- Go to the KakaoCloud Console > IAM > Organization Management.
- The Org Administrator clicks the [Login Settings] button under the Login Settings tab.
- On the login settings details page, review the login account information and select the account type to be used.
  - If you select the IdP account, enter the integration protocol and information acquired in Step 1.
  Field | Type | Description |
  ---|---|---|
  Integration protocol | | Select OIDC (OAuth 2.0) |
  Integration Info | IdP (Identity Provider) | Select Azure Active Directory |
  Integration Info | Authorization integration type | Select POST body |
  Integration Info | Authorization URL | Enter the OAuth 2.0 authorization endpoint (v2) acquired earlier |
  Integration Info | Token URL | Enter the OAuth 2.0 token endpoint (v2) acquired earlier |
  Integration Info | Client ID | Enter the Application (Client) ID |
  Integration Info | Client Secret | Enter the value of the client secret |
- Test the IdP integration.
  - Enter your ID and password on the identity provider's login screen. If the integration is successful, the test completes.
- Once the test is successful, click [Save]. Then, confirm that the login account type has been updated to IdP on the Login Settings tab in Organization Management.
Step 3. Log in to the KakaoCloud Console
Change your existing login account to the external identity provider account integrated via IdP.
Once you log in with the IdP-integrated account, your KakaoCloud account will be deactivated.
- Go to the KakaoCloud Console and log out from your existing KakaoCloud account.
- On the KakaoCloud > Console Login page, enter your organization name and click [Next].
- Under Microsoft Azure Login > Select Account, choose the Azure AD account integrated with the IdP.
- Enter the password configured during IdP integration and click [Login]. Verify that you are successfully redirected to the KakaoCloud Console.
IdP SAML Integration
Step 1. Issue Integration Info from Azure AD
Azure AD is an external identity provider offered by Microsoft. To integrate IdP via Azure AD, you must obtain two pieces of information: Entity ID and Federation Metadata URL. These values are used in KakaoCloud Console > IAM > Login Settings when registering the IdP.
For more details, refer to Microsoft documentation on SAML protocol support in the Microsoft identity platform and Quickstart: Register an application with the Microsoft identity platform.
- Log in to the Azure AD Portal, then click the menu icon in the upper-left corner and go to the Azure Active Directory menu.
- In Azure Active Directory, go to Manage > App registrations.
- To register KakaoCloud as an app, click New registration.
- In Register an application, configure the redirect URI so that authentication responses are returned to it.
  Field | Description |
  ---|---|
  Name | Enter kakaocloud (this will appear as the application name) |
  Supported account types | Select Accounts in this organizational directory only |
  Redirect URI (optional) | Type: Select Web. Redirect URI: Enter the fixed URI https://iam.kakaocloud.com/auth/saml/acs |
- On the Overview page, copy the Application (client) ID as your Entity ID.
- Click Endpoints, then copy the Federation metadata document URL.
  Endpoint Info | Description |
  ---|---|
  Federation Metadata Document | Used as the Federation Metadata URL during IdP registration |
- After completing the steps above, you will have acquired two values: Entity ID and Federation Metadata URL. These will be used when registering the IdP in login settings.
Step 2. Register the IdP
After acquiring the integration details, register the Identity Provider (IdP) before using an external identity account to log in to the KakaoCloud Console.
- Go to the KakaoCloud Console > IAM > Organization Management.
- The Org Administrator clicks the [Login Settings] button under the Login Settings tab.
- On the login settings details page, review the login account information and select the account type to be used.
  - If you select the IdP account, refer to the integration details acquired in Step 1 and enter the information below.
  Field | Type | Description |
  ---|---|---|
  Integration protocol | | Select SAML 2.0 |
  Integration info | IdP (Identity Provider) | Select Azure Active Directory |
  Integration info | Certificate files | Upload the public key certificate file (.crt) and private key file (.key) |
  Integration info | Federation Metadata URL | Enter the URL obtained from the federation metadata document |
  Integration info | Entity ID (App ID) | Enter the Application (Client) ID |
- Test the IdP integration.
  - On the login screen of the external identity provider, enter your ID and password. If the login succeeds, the test completes.
- Once the test is successful, click [Save]. Then, confirm that the login account type has been updated to IdP on the Login Settings tab in Organization Management.
Step 3. Log in to the KakaoCloud Console
Change your existing login account to the external identity provider account integrated via IdP.
When logging in with an IdP-integrated account, your KakaoCloud account will be deactivated.
- Go to the KakaoCloud Console and log out from your current KakaoCloud account.
- On the KakaoCloud > Console Login page, enter your organization name and click [Next].
- Under Microsoft Azure Login > Select Account, choose the Azure AD account integrated with the IdP.
- Enter the password configured during IdP integration and click [Login]. Make sure that you are redirected to the KakaoCloud Console.
Enable two-factor authentication
You can enable two-factor authentication (2FA) to enhance account security by requiring additional verification via email or mobile phone number when logging in to the KakaoCloud Console.
Two-factor authentication is only available for organizations that use the Cloud Account Login method.
Organizations using IdP integration cannot enable two-factor authentication.
- Go to the KakaoCloud Console > IAM > Organization Management.
- In the Login Settings tab, click the [Login Settings] button. Only Org Admins can configure this setting.
- On the login settings page, select "Cloud Account" as the login method and set two-factor authentication to "Enabled", then click [Save].
- Log in to the KakaoCloud Console again to verify that two-factor authentication works as expected. A verification code will be sent to the user's email or mobile phone, which must be entered to complete login.
- If a mobile phone number is not registered, mobile phone verification will be disabled.
- To enable mobile phone verification, users must register their phone number by going to their profile > Account Information after logging into the console.
Set organization security
KakaoCloud provides features to enhance the security of users accessing the console.
You can view and configure security settings that apply to the entire organization in the IAM > Organization Management > Security Settings tab.
Security settings permissions by IAM role
Feature | Org Admin | Org Reader | Project Admin | Project Member | Project Reader |
---|---|---|---|---|---|
Set password expiration | ✓ | | | | |
Set session timeout | ✓ | | | | |
Configure console access control | ✓ | | | | |
Set password expiration
You can strengthen account security by requiring all users in the organization to change their password at a defined interval.
After the password expiration period, users must set a new password to log in to the KakaoCloud Console.
- Once enabled, password expiration settings apply to all users in the organization.
- The expiration period is calculated based on the last date the user set or changed their password.
- Go to the KakaoCloud Console > IAM > Organization Management.
- In the Security Settings tab, click the [Security Settings] button.
- Enable password expiration and choose the desired expiration period, then click [Save].
  Item | Description |
  ---|---|
  Password expiration period | Interval for requiring a new password. Choose from 60/90/120/180 days. Custom intervals (30–180 days) are also supported |
Set session timeout
You can enhance security by automatically logging users out after a period of inactivity on the console.
- Go to the KakaoCloud Console > IAM > Organization Management.
- In the Security Settings tab, click the [Security Settings] button.
- Set the session timeout period.
  Item | Description |
  ---|---|
  Session timeout | Choose from 10/30/60/180 minutes. You can also enter a custom time (between 5–720 minutes) |
Control console access
You can restrict access to the KakaoCloud Console based on IP address to prevent usage from unauthorized locations.
Only users with the proper IAM role can configure console access control.
- Console access control settings apply to all users immediately upon configuration.
Any IP address not registered as allowed will be denied access to the console.
- Go to the KakaoCloud Console > IAM > Organization Management.
- In the Security Settings tab, click the [Security Settings] button.
- Enable console access control and register allowed IP addresses, then click [Save].
  Item | Description |
  ---|---|
  IP address | Enter the IP address allowed to access the KakaoCloud Console. Up to 20 entries. Enter full IPs in a.b.c.d format (CIDR not supported) |
  IP description | Description for managing the registered IP address |
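An added example (not KakaoCloud tooling): a Python pre-check for a planned allowlist that applies the limits in the table above and confirms the administrator's own address is listed before the setting takes effect. The function names and the admin_ip parameter are hypothetical; expand_cidr goes one step beyond the page by listing the individual addresses of a small range, since CIDR entries are not accepted.

```python
import ipaddress

MAX_ENTRIES = 20  # limit stated in the table above


def expand_cidr(cidr):
    """List every address in a range, since the console takes single IPs only."""
    return [str(a) for a in ipaddress.ip_network(cidr, strict=False)]


def check_allowlist(entries, admin_ip):
    """Return (accepted, problems) for a planned console allowlist.

    admin_ip (hypothetical parameter) is the public address the
    administrator's own console session comes from.
    """
    accepted, problems = [], []
    for raw in entries:
        text = raw.strip()
        if "/" in text:
            problems.append(f"{text}: CIDR not supported, list each address")
            continue
        try:
            addr = str(ipaddress.IPv4Address(text))
        except ipaddress.AddressValueError:
            problems.append(f"{text}: not a full a.b.c.d IPv4 address")
            continue
        if addr in accepted:
            problems.append(f"{text}: duplicate entry")
            continue
        accepted.append(addr)
    if len(accepted) > MAX_ENTRIES:
        problems.append(f"{len(accepted)} addresses exceed the limit of {MAX_ENTRIES}")
    if admin_ip not in accepted:
        problems.append(f"{admin_ip}: administrator address missing, would be denied")
    return accepted, problems


if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    planned = ["203.0.113.10", "203.0.113.10", "198.51.100.0/30", "2001:db8::1"]
    ok, issues = check_allowlist(planned, admin_ip="192.0.2.44")
    print(ok)
    for issue in issues:
        print("-", issue)
```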
Request organization deletion
The Organization Owner can request deletion of the organization if it is no longer needed.
Before submitting a deletion request, you must delete all resources and user accounts associated with the organization.
Once deleted, all projects, resources, and information in the organization will be permanently removed and cannot be restored.
- Go to the KakaoCloud Console > IAM > Users menu.
- Delete all users except for the Organization Owner.
- In the Projects menu, delete all projects associated with the organization.
- Go to the Billing service and check outstanding fees under the Billing menu, then pay all charges.
- After completing the above steps, click the [Request Organization Deletion] button at the top of the IAM > Organization Management page.
- In the Organization Deletion Request popup, review the checklist, check the confirmation box, and click [Request Deletion].
- You can confirm that the deletion request has been submitted in the Login Settings tab of IAM > Organization Management.