Why can't I configure the IAM credentials engine?

You try to configure the IAM credentials engine in an IBM Cloud® Secrets Manager instance, but you're unable to do so.

In the Secrets Manager UI, you go to the Secrets engines page to configure the IAM credentials engine. You receive the following error message when you try to create an API key:

Access required
You're not authorized to complete this action. To verify your permissions, contact your administrator.

You verify with an account owner that you already have Manager service access to Secrets Manager, but you're still unable to configure the IAM credentials engine for the instance.

You need additional permissions to create service ID API keys in the account. In some cases, API key and service ID creation might also be restricted on the account.

First, verify with the account owner that you're assigned the following IAM permissions:

Administrator platform access on the IAM Access Groups Service.
Administrator platform access on the IAM Identity Service.
Manager service access on the Secrets Manager instance.

If the updated access permissions do not resolve the issue, verify with the account owner that the Restrict API key creation and Restrict service ID creation options are disabled on the account.

The figure shows a simplified IAM dashboard with numbered steps for disabling account restrictions. — Disabling API key and service ID restrictions

If the problem persists, contact IBM Cloud support.