Creating an IAM access group and granting the role to connect to the VPN server

FOR USER ID AND PASSCODE AUTHENTICATION ONLY

To create an IAM access group and grant the user role to connect to the VPN server, follow these steps:

1. In the IBM Cloud console, go to the Access groups page (Manage > Access (IAM) > Access groups) and click Create.

2. Type a name for your access group and an optional description, then click Create.

3. Click the Access tab, then click Assign access.

4. From the menu, select VPC Infrastructure Services. Then, click Next.

5. For Resources, select All resources, then click Next.

6. For Roles and actions, select Users of the VPN server need this role to connect to the VPN server, then click Review.

7. Review the Create policy summary, and click Add.

8. In the Access summary side panel, click Assign.

9. Add users to your group.

   • For existing users:
     • Click the Users tab, then click Add users.
     • Select the checkboxes next to each user that requires a VPN Client for VPC access, then click Add to group.
   • For new users:

     • Click Manage > Access (IAM), then click Invite users in the upper right.

     • Enter the email address of each user that needs to be invited in the "Enter email address" box. Separate emails by commas, spaces, or line breaks. You can enter up to 100 email addresses.

     • In the group table, click the Add link next to the new IAM group that you created, then click Invite.

       Each user receives an email with a request for them to join an account in IBM Cloud.

For more information, see Setting up access groups. For IAM required permissions and the minimum IAM role to perform a task, see VPN Client for VPC.