External Access authentication and permissions management

Available in Classic and VPC

This section describes how to authenticate workloads outside NAVER Cloud Platform and manage the permissions required to access NAVER Cloud Platform.

Authenticate external workload

To authenticate external workloads and securely provide temporary keys, create an X.509 certificate using the NCP Private CA service on NAVER Cloud Platform, or perform authentication and permissions management through external CA registration in the External Access menu.

Create Trust Anchor

This step configures the Trust Anchor that validates the customer's certificate. To create a Trust Anchor, follow these steps:

  1. From the NAVER Cloud Platform console, click i_menu > Services > Management & Governance > Sub Account > External Access in order.
  2. Click the [Create] button on the Trust Anchor tab.

  3. Enter the name and description of the trust anchor you want to create in the Trust Anchor information.
  4. Select the CA to register in the CA information. You can register the CA by selecting the created Ncloud Private CA or entering the external CA manually.
    • If no Ncloud Private CA has been created, you can proceed by creating a CA by clicking the Create Private CA button.
  5. After entering the Trust Anchor information and CA information, click the [Create] button.
  6. Check the Trust Anchor tab to verify that the trust anchor has been added.
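
To see what the Trust Anchor step relies on, the following added example (not NAVER Cloud Platform's own code) uses OpenSSL to build a constructed external CA, issue a workload certificate from it, and confirm locally that the certificate chains to that CA. The subjects, file names, validity periods and certificate extensions are assumptions; this page does not state the platform's certificate requirements.

```shell
# Added example. Every name, subject and path below is a constructed placeholder.
set -eu
WORKDIR="$(mktemp -d)"

# make_ca <prefix> <common name>: self-signed CA certificate. <prefix>.pem is the
# CA certificate you would supply when entering an external CA manually (assumption).
make_ca() {
  cat > "$WORKDIR/$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
O = Example Corp
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$WORKDIR/$1.cnf" -keyout "$WORKDIR/$1.key" -out "$WORKDIR/$1.pem" 2>/dev/null
}

# issue_leaf <ca prefix> <leaf prefix> <common name>: short-lived end-entity
# certificate for one workload, signed by the CA. The extensions are an assumption.
issue_leaf() {
  printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
    'keyUsage = critical,digitalSignature' > "$WORKDIR/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORKDIR/$1.cnf" \
    -subj "/O=Example Corp/CN=$3" \
    -keyout "$WORKDIR/$2.key" -out "$WORKDIR/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORKDIR/$2.csr" -CA "$WORKDIR/$1.pem" -CAkey "$WORKDIR/$1.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORKDIR/$2.ext" \
    -out "$WORKDIR/$2.pem" 2>/dev/null
}

# verify_chain <ca prefix> <leaf prefix>: exit 0 only if the leaf chains to that CA.
verify_chain() {
  openssl verify -CAfile "$WORKDIR/$1.pem" "$WORKDIR/$2.pem" >/dev/null 2>&1
}

# cert_subject <leaf prefix>: the subject DN that the certificate presents.
cert_subject() {
  openssl x509 -in "$WORKDIR/$1.pem" -noout -subject -nameopt RFC2253
}

make_ca anchor "Example External CA"
issue_leaf anchor workload "build-agent-01"
verify_chain anchor workload && cert_subject workload
```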

Create profile and integrate roles

This step involves creating and managing a Profile for accessing NAVER Cloud Platform.
By mapping the External Access Service Role to the Profile, you can control access to NAVER Cloud Platform resources through the external access service role for authenticated external workloads. To create a Profile, follow these steps:

  1. From the NAVER Cloud Platform console, click i_menu > Services > Management & Governance > Sub Account > External Access in order.
  2. Click the [Create] button on the Profile tab.
  3. In Profile information, enter the name and notes for the profile you want to create.
  4. In Role information, select a role that you want to integrate with the profile.
  5. Set the expiration time for the temporarily issued key in Session information.
  6. Click [Create].
  7. Check the Profile tab to verify that the profile has been added.

Note
  • A role can only be linked to 1 profile.
  • A profile can be created without any roles assigned.
  • The session expiration time can range from 600 seconds (10 minutes) to 43,200 seconds (12 hours).

Subject Activity

You can manage the detailed usage history of certificates with the same subject properties (subjects) through subject activity. Subject activity is automatically created based on the certificate usage history. To view the usage history, follow these steps:

  1. From the NAVER Cloud Platform console, click i_menu > Services > Management & Governance > Sub Account > External Access in order.
  2. In the Subject Activity tab, click a Subject that has been created.
  3. Check the information on the created Subject and the certificate usage history.

Issue temporary keys with Signing Helper

Once the trust anchor and profile settings are complete, you can issue temporary keys and obtain temporary credentials through the Signing Helper CLI.