External Access authentication and permissions management
- Print
- PDF
External Access authentication and permissions management
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.
Available in Classic and VPC
This page provides description on how to authenticate workloads outside NAVER Cloud Platform and manage the permissions required to access NAVER Cloud Platform.
Authenticate external workload
To authenticate external workloads and securely provide temporary keys, generate an X.509 certificate using the NCP Private CA service on NAVER Cloud Platform, and manage authentication and authorization through the External Access menu.
- Using Private CA: More information on using private CA
Create Trust Anchor
This step involves configuring the Trust Anchor to validate the customer's certificate. To create Trust Anchor, follow these steps:
- On NAVER Cloud Platform console, click Services > Management & Governance > Sub Account > Sub Accounts in order.
- Click the [Create] button on the Trust Anchor tab.
.png?sv=2022-11-02&spr=https&st=2025-03-22T14%3A39%3A21Z&se=2025-03-22T14%3A49%3A21Z&sr=c&sp=r&sig=3PwgcRI7zoRBzt6Kdrs%2F8HFFpmTzuiICRHuuzoxmrJI%3D)
- Enter the name and description of the trust anchor you want to create in the Trust Anchor information.
- Select the CA to register in the CA information.
- If no CA has been created, you can proceed by creating one by clicking the Create Private CA button.
- After completing the Trust Anchor information and CA information entries, click the [Create] button.
- Check the Trust Anchor tab to verify that the trust anchor has been added.
.png?sv=2022-11-02&spr=https&st=2025-03-22T14%3A39%3A21Z&se=2025-03-22T14%3A49%3A21Z&sr=c&sp=r&sig=3PwgcRI7zoRBzt6Kdrs%2F8HFFpmTzuiICRHuuzoxmrJI%3D)
Create profile and role integrations
This step involves creating and managing a Profile for accessing NAVER Cloud Platform.
By mapping the External Access Service Role to the Profile, you can control access to NAVER Cloud Platform resources through the external access service role for authenticated external workloads. To create a Profile, follow these steps:
- Create Service Role: More information on creating a Service Role and applying roles
- On NAVER Cloud Platform console, click Services > Management & Governance > Sub Account > Sub Accounts in order.
- Click the [Create] button on the Profile tab.
- In Profile information, enter the name and notes for the profile you want to create.
- In Role information, select role that you want to integrate with the profile.
- Set the expiration time for the temporarily issued key in Session information.
- Click [Create].
- Check the Profile tab to verify that the profile has been added
Note
- A role can only be linked to one profile
- A profile can be created without any roles assigned.
- The session expiration time can range from 600 seconds (10 minutes) to 43200 seconds (12 hours).
Subject Activity
You can manage the detailed usage history of certificates with the same subject attributes through subject activity. Subject activity is automatically generated based on the certificate usage history, to view the usage history follow these steps:
- On NAVER Cloud Platform console, click Services > Management & Governance > Sub Account > Sub Accounts in order.
- Click Subject that has been created in Subject Activity tab.
- Check the information of the created Subject and the certificate usage history.
Issue temporary keys with Signing Helper
Once the trust anchor and profile settings are complete, you can issue temporary keys and obtain temporary credentials through Signing Helper CLI.
- Using Signing Helper CLI: Signing Helper CLI Guide
Was this article helpful?