Identity and Access Management (IAM) Overview
IAM is a crucial component of SysEleven Cloud, ensuring secure and efficient resource management. Our IAM system is based on Relationship-Based Access Control (ReBAC), offering a flexible and modern approach to access management.
Key Concepts
Users
- Users are identified by their email address and relate to one or more organizations.
- Users authenticate using a username and password. They can then manage resources they have access to, across organizations and projects.
- Users can be invited to an organization. If they do not yet have an account on the platform, they will be invited to sign up.
Teams
Teams are organization-scoped groups of users. They are used to manage access to projects and resources.
Service Accounts
Service Accounts are organization-scoped machine identities. They are used to authenticate applications and services.
Organizations, Projects & Resources
SysEleven uses a three-tiered hierarchical model:
- Organizations: Top-level container for memberships and projects, as well as configuration options
- Projects: Sub-containers within an organization to organize resources
- Resources: Operational elements (VMs, networks, storage, etc.)
Permissions
- Fine-grained permissions based on relationships between entities:
  - User-to-Organization: Defines what a user can do within an organization
  - User-to-Project: Specifies a user's access rights for a particular project
  - Organization-to-Project: Determines how organization-level permissions affect project access
- Permissions are contextual and can be customized based on specific roles or needs
- This relational approach allows for more nuanced and flexible access control compared to traditional role-based systems
- Users can have different levels of access across organizations and projects
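The relationship types above can be modelled as (subject, relation, object) tuples that are evaluated at request time. The following is an added example, not SysEleven's code or API: the relation names (`admin`, `editor`, `viewer`, `member`, `parent`), the rule that only organization admins inherit project access, and all sample identities are assumptions made for illustration.

```python
# Illustrative ReBAC check. Relation names and the inheritance rule are
# assumptions for this example, not SysEleven's actual schema.
from typing import NamedTuple

class Rel(NamedTuple):
    subject: str   # "user:...", "serviceaccount:...", or a userset like "team:ops#member"
    relation: str
    object: str    # "org:...", "project:...", "team:..."

# Constructed sample data.
TUPLES = {
    Rel("user:alice@example.com", "admin", "org:acme"),    # User-to-Organization
    Rel("user:dave@example.com", "viewer", "org:acme"),    # User-to-Organization
    Rel("user:bob@example.com", "member", "team:ops"),     # team membership
    Rel("team:ops#member", "editor", "project:web"),       # team granted on a project
    Rel("serviceaccount:ci", "viewer", "project:web"),     # machine identity
    Rel("org:acme", "parent", "project:web"),              # Organization-to-Project
    Rel("org:acme", "parent", "project:billing"),
}

# Stronger relations imply weaker permissions on the same object.
IMPLIES = {"admin": {"admin", "editor", "viewer"}, "editor": {"editor", "viewer"}, "viewer": {"viewer"}}
# Which organization relations carry down to the organization's projects (assumed).
INHERITED_FROM_ORG = {"admin"}

def holds(subject, relation, obj, tuples, depth=8):
    """True if a tuple grants `relation` on obj directly or through a userset."""
    if depth == 0:  # bound recursion so a cyclic team nesting cannot loop forever
        return False
    for t in tuples:
        if t.relation != relation or t.object != obj:
            continue
        if t.subject == subject:
            return True
        if "#" in t.subject:  # e.g. "team:ops#member": anyone who is a member of team:ops
            group, group_rel = t.subject.split("#", 1)
            if holds(subject, group_rel, group, tuples, depth - 1):
                return True
    return False

def check(subject, permission, project, tuples=TUPLES):
    """Deny by default; allow if a relation on the project or its parent org grants it."""
    granting = [r for r, perms in IMPLIES.items() if permission in perms]
    if any(holds(subject, r, project, tuples) for r in granting):
        return True
    parents = [t.subject for t in tuples if t.relation == "parent" and t.object == project]
    return any(holds(subject, r, org, tuples)
               for org in parents for r in granting if r in INHERITED_FROM_ORG)
```

When reviewing such a model, the inheritance rule is the part to audit first: a single organization-level tuple can grant access to every project beneath it.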
For detailed information on SysEleven IAM, including features and advanced configurations, please refer to our SysEleven IAM product page.