# FAQ

The following are a few FAQ that provide insight into the IAM Federation.

## What is IAM Federation?

Identity and Access Management (IAM) Federation enables users from an external Identity Provider (IDP) to access cloud resources, including the Data Center Designer (DCD), after successful authentication and establishment of a link between their organization account and the IDP.

### Can an organization use any IDP to establish an IAM Federation connection?

Only Federated IDPs, such as SAML 2.0 or OpenID Connect (OIDC), are supported to establish a trust authentication connection with the IAM Federation.

### How can a user benefit by using IAM Federation?

Once users link their organization user account with <code class="expression">space.vars.ionos\_cloud</code> IAM Federation, they can sign in with their organization credentials to access <code class="expression">space.vars.ionos\_cloud</code> resources, including the DCD. Additionally, users can experience seamless sign-in to the DCD with SSO. For more information, see [<mark style="color:blue;">Benefits</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/overview/features-benefits.md).

### Can any user link their account to IAM Federation?

No, only users with an existing account in <code class="expression">space.vars.ionos\_cloud</code> can link their organization accounts with IAM Federation. New users without an <code class="expression">space.vars.ionos\_cloud</code> account cannot establish an IAM Federation account linking. For more information, see [<mark style="color:blue;">Manage User Account in IAM Federation</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/manage-user-account-iam-federation.md).

### How can an organization establish a connection to the IAM Federation?

<code class="expression">space.vars.ionos\_cloud</code> offers [<mark style="color:blue;">APIs</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/api-how-tos.md) that organizations can use to request domain ownership and onboard their IDP to establish a connection with the IAM Federation. For step-by-step instructions, see [<mark style="color:blue;">Configure IAM Federation</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/configure-iam-federation.md).

### Why a domain is required for IAM Federation?

When you set up IAM Federation, the domain you own becomes the link between your <code class="expression">space.vars.ionos\_cloud</code> organization and the external IDP.

* <code class="expression">space.vars.ionos\_cloud</code> uses the domain from a user’s email address; for example,`your.domain.com` is used in the `ionos.user@your.domain.com` email address to identify which IDP is available for account linking.
* You must verify the domain through a `TXT Domain Record` record to confirm ownership before it can be associated with an IDP. For more information, see [<mark style="color:blue;">Create a TXT Domain Record</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/create-txt-domain-record.md#next-steps).

After domain verification, existing <code class="expression">space.vars.ionos\_cloud</code> users can link their accounts to the configured IDP. Only IDPs onboarded by your organization and matching the user’s email domain are available. Once linked, users can sign in through the external IDP instead of using native <code class="expression">space.vars.ionos\_cloud</code> credentials.

### What should an organization do after requesting domain ownership?

The organization must create a `TXT Domain Record`. Only on successful creation of the TXT record can <code class="expression">space.vars.ionos\_cloud</code> verify domain ownership. For more information, see [<mark style="color:blue;">Create a TXT Domain Record</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/create-txt-domain-record.md).

### How can users log in to the DCD using IAM Federation?

Once the user have linked their organization account with IAM Federation, they can log in to the DCD using their organization credentials. For more information, see [<mark style="color:blue;">Log in to the Data Center Designer using IDP</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/manage-user-account-iam-federation.md).

### Can a user unlink their account with IAM Federation?

Yes, users can [<mark style="color:blue;">Unlink the user account from IAM Federation</mark>](/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/how-tos/manage-user-account-iam-federation.md#unlink-the-user-account-from-iam-federation) using the **Manage Linked Accounts** section in the DCD.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/iam-federation/iam-federation-faq.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.