FAQ

The following are a few FAQ that provide insight into the IAM Federation.

What is IAM Federation?

Identity and Access Management (IAM) Federation enables users from an external Identity Provider (IDP) to access cloud resources, including the Data Center Designer (DCD), after successful authentication and establishment of a link between their organization account and the IDP.

Can an organization use any IDP to establish an IAM Federation connection?

Only Federated IDPs, such as SAML 2.0 or OpenID Connect (OIDC), are supported to establish a trust authentication connection with the IAM Federation.

How can a user benefit by using IAM Federation?

Once users link their organization user account with IONOS Cloud IAM Federation, they can sign in with their organization credentials to access IONOS Cloud resources, including the DCD. Additionally, users can experience seamless sign-in to the DCD with SSO. For more information, see Benefits.

Can any user link their account to IAM Federation?

No, only users with an existing account in IONOS Cloud can link their organization accounts with IAM Federation. New users without an IONOS Cloud account cannot establish an IAM Federation account linking. For more information, see Manage User Account in IAM Federation.

How can an organization establish a connection to the IAM Federation?

IONOS Cloud offers APIs that organizations can use to request domain ownership and onboard their IDP to establish a connection with the IAM Federation. For step-by-step instructions, see Configure IAM Federation.

Why a domain is required for IAM Federation?

When you set up IAM Federation, the domain you own becomes the link between your IONOS Cloud organization and the external IDP.

• IONOS Cloud uses the domain from a user’s email address; for example,your.domain.com is used in the [email protected] email address to identify which IDP is available for account linking.

• You must verify the domain through a TXT Domain Record record to confirm ownership before it can be associated with an IDP. For more information, see Create a TXT Domain Record.

After domain verification, existing IONOS Cloud users can link their accounts to the configured IDP. Only IDPs onboarded by your organization and matching the user’s email domain are available. Once linked, users can sign in through the external IDP instead of using native IONOS Cloud credentials.

What should an organization do after requesting domain ownership?

The organization must create a TXT Domain Record. Only upon successful creation of the TXT record can IONOS Cloud verify domain ownership. For more information, see Create a TXT Domain Record.

How can users log in to the DCD using IAM Federation?

Once the user have linked their organization account with IAM Federation, they can log in to the DCD using their organization credentials. For more information, see Log in to the Data Center Designer using IDP.

Can a user unlink their account with IAM Federation?

Yes, users can Unlink the user account from IAM Federation using the Manage Linked Accounts section in the DCD.