Groups offer a new approach for managing identities and their access to HashiCorp Cloud Platform (HCP) resources.
As customers scale their usage of the HashiCorp Cloud Platform (HCP), more complex identity and access management (IAM) problems can emerge. User onboarding, management of role-based access control (RBAC), and auditing are just a few of the areas that need to scale with user-management processes.
Security best practices emphasize the importance of rigorously adhering to the principle of least privilege by clearly defining roles based on job function. At HashiCorp, we want to help organizations enforce regular reviews of roles and their associated permissions so they have more control over their users’ access. In pursuit of this objective, we released a feature called HCP groups, which offers organizations a centralized role-management interface within the HCP console.
It’s now easier than ever for organizations to group user identities and assign roles and projects to them. HCP groups bear many similarities to RBAC, where roles represent a set of permissions and responsibilities relevant to a specific job or function within your organization. For example, roles might include "project admin", "project contributor", "administrator", and so on, each with its own set of permissions. This capability can make user management faster and more robust, paving the way for tighter integration with identity-management processes.
Groups are an identity principal that lets administrators bundle user identities and treat them as a single unit that can receive role assignments and project associations. This enables more efficient and logical user management along with clearer permissions auditing.
Each group can have one or more user members, and a group can then be associated with one or more projects. Groups can also have a different role assignment for different associated projects.
For example, you may have an application engineering group with five members. Using HCP groups, you can give the application engineering group admin role permissions for a development project, contributor role permissions for a QA project, and view-only role permissions for a production project.
Groups can be managed within the organization's “Access control (IAM)” settings section of the portal. To get started, follow these seven steps:
When thinking about role permissions, keep in mind that HCP chooses the most elevated role when resolving multiple roles assigned to a user via groups and at the organization level.
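The resolution rule above can be modeled offline to audit for unintended elevation. This is an added example, not HashiCorp's code or the HCP API: it assumes the roles rank viewer < contributor < admin and that an organization-level role applies to every project, and all users, groups, and assignments are constructed.

```python
# Assumption: role ranking, lowest to highest. Not taken from the HCP API.
RANK = {"viewer": 0, "contributor": 1, "admin": 2}

# Constructed sample data (not from a real HCP organization).
ORG_ROLES = {"alice": "viewer", "bob": "contributor"}  # org-level role per user
GROUP_MEMBERS = {"app-eng": {"alice", "bob"}, "release": {"alice"}}
# (group, project) -> role the group holds on that project
GROUP_PROJECT_ROLES = {
    ("app-eng", "development"): "admin",
    ("app-eng", "qa"): "contributor",
    ("app-eng", "production"): "viewer",
    ("release", "production"): "contributor",
}


def candidate_roles(user, project):
    """Every role that applies to `user` on `project`, with its source."""
    found = []
    if user in ORG_ROLES:
        found.append(("org-level", ORG_ROLES[user]))
    for (group, proj), role in GROUP_PROJECT_ROLES.items():
        if proj == project and user in GROUP_MEMBERS.get(group, set()):
            found.append((f"group:{group}", role))
    return found


def effective_role(user, project):
    """Most elevated role wins; returns (role, source) or None."""
    found = candidate_roles(user, project)
    if not found:
        return None
    source, role = max(found, key=lambda sr: RANK[sr[1]])
    return role, source


def escalations(project, intended_group):
    """Members of `intended_group` whose effective role on `project`
    exceeds the role that group was given there."""
    intended = GROUP_PROJECT_ROLES[(intended_group, project)]
    out = {}
    for user in sorted(GROUP_MEMBERS[intended_group]):
        role, source = effective_role(user, project)
        if RANK[role] > RANK[intended]:
            out[user] = (role, source)
    return out
```

Calling `escalations("production", "app-eng")` lists the members whose view-only group assignment on production is overridden by a higher role from another group or from the organization level.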
You can find more information and step-by-step instructions in the HCP groups documentation.
(Note: If you are interested in using identity groupings that already exist in your identity provider for HCP, HashiCorp would like to help with your particular use case. Please use this brief form to let us know about your interest.)
HCP groups represents a significant enhancement to HCP’s IAM capabilities. A streamlined approach to role management and user access control through groups helps organizations improve security, efficiency, and compliance with best practices.
For more information and to get started with the HashiCorp Cloud Platform, please visit the HCP product page or sign up through the HCP portal.