Assignments

Available in Classic and VPC

This page describes how to create and manage assignments. Assignment connects the Permission Set, which defines the policy to be used by external accounts, with the SSO user, and refers to the scope of permissions that the SSO user can perform from NAVER Cloud Platform.

Assignments interface

The description of the Assignments interface is as follows:

Component	Description
① Menu name	Current menu name.
② Basic features	Features displayed when you enter the Assignments menu for the first time. [Create assignment]: Go to the Assignments creation page. [Learn more]: Go to the Ncloud Single Sign-On overview page. [Refresh]: Reload the current page.
③ Post-registration features	[Edit]: Edit selected assignments information. [Delete]: Delete selected assignments. [Disable]: Disable selected assignments. [Enable]: Enable selected assignments.
④ List of assignments	Check the assignments list and information.
⑤ Search	Search by assignment name is possible.

Check assignment details

To view assignment details:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click on the assignment name in the assignment list.
Check the assignment information.
- Assignment name: Name set when the assignment was created.
- Assignment NRN: Resource name of the assignment.
- Date and time of when assignment was created: Date and time when the assignment was created.
- Role NRN: SSO role NRN created on the Sub Account service.
- Assignment description: Description of the assignment.
- Assignment status: Status of the assignment.
  - In usage: The status of which the assignment is available. Displayed on the SSO role switching list.
  - Interruption: In temporary suspension. Not displayed on the SSO role switching list.
- Account name: The name of the account within the Organization connected to the assignment.
- Account alias: The alias of the connected account. Displayed only when the Organization service is integrated.
- Login ID: Login ID of the account within the Organization connected to the assignment.
- Membership number: The membership number of the account within the Organization connected to the assignment.
- Permission set name: The name of the assigned permission set.
- Permission set NRN: The resource name of the assigned permission set.
- Date and time of when permission set was created: The date and time the assigned permission set was created.
- Permission set description: Simple description of the assigned permission set.
- Tag: Assign tag keys/values to easily classify assignments.
  - View, create, edit, and delete all tags through [Tag management].
  - Only 1 tag value can be assigned to 1 tag key.
Check the tab information at the bottom of the details.
- [User]: SSO user list to grant the permission set in the assignment.
- [Group]: Group list to grant the permission set in the assignment.
- [IP ACL]: List of IP ACLs with access to the assignment.

Create an assignment

By creating an assignment, you can set the scope of the service and resource access permission of NAVER Cloud Platform to be used by external account users. The created assignment can be selected when an external account user logs in to NAVER Cloud Platform.

To create an assignment:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click the [Create assignment].
In the Account selection step, select the account to which you want to grant access permission and click the [Next].
- You must select an account that has the policy resources set in Permission Sets.
Select a permission set, and click the [Next].
Enter the name, description, and access type of the assignment.
- Access type:
  - Console access: Allow access through console only.
  - API Gateway access: Allow access only through API Gateway.
In the tag component, enter the tag Key:Value to classify assignments.
Check the assignment information entered, and click the [Create].
See Add SSO user/group or IP ACL to assignment to add an SSO user that will use the Permission Sets policy for the assignment.

Note

You can manage assignment access for users and groups and also IP address restrictions in assignment details.

Add SSO user/group or IP ACL to assignment

To add an SSO user/group or IP ACL to a created assignment:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click the name of the assignment.
Under the [User], [Group], or [IP ACL] tab, click the [Add].
Select SSO user/group or IP ACL, and click the [Save].

Note

You can add up to 5 IP ACLs to an assignment.

Edit an assignment

To edit assignment information:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click the assignment's radio button, and click the [Edit].
Edit the information.
When you are done editing, click the [Edit].

Disable an assignment

If you disable the assignment, you cannot use the Permission Set of the account connected to the assignment.
To disable an assignment:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click the assignment checkbox, and click the [Disable].
- The SSO user connected to assignment is automatically logged out.
To enable it again, click the [Enable].

Delete an assignment

To delete an assignment:

Caution

Once you delete an assignment, you cannot restore it. So decide carefully.

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Navigate to External IdP login > Assignments.
Click the checkbox of the group to delete, and click the [Delete].
Once the Delete popup window appears, click the [Delete].