メインコンテンツまでスキップ

IAM クライアントを作成し編集する

Last updated on October 23, 2024

Overview

AccelByte Gaming Services (AGS) uses identity and access management (IAM) clients to manage which game resources can be accessed and manipulated by applications. This How-to will walk you through creating an IAM client for your game using the AGS Admin Portal.

For more information about IAM clients and how they interact with AGS, see Managing access control for applications.

Prerequisites

To manage IAM clients, you will need an AGS account with Admin Portal administrator privileges to the game namespace you wish to create an IAM client for. If you don't have access, please reach out to your AccelByte account representative.

Create an IAM Client

Create an IAM client​ for Private Cloud

Follow these steps to create an IAM client, which is done directly from a game namespace in the AGS Admin Portal.

  1. Log in to your AGS Admin Portal.
  2. In the Admin Portal, go into the namespace for the game you want to create an IAM client for.
  3. On the sidebar of that namespace, go to Game Setup > Games and Apps > IAM Clients.
  4. On the IAM Clients page, click the + Create New button.
  5. On the Create New IAM Client form that appears, enter your in the fields under "Basic Information".
    1. Client ID: The unique identifier for this IAM client that can be referenced across the system. This is automatically generated.
    2. Client Type: The client type determines how the client will interact with AGS. See managing access control for applications to learn more about client types.
    3. Client Name: The user-facing label for this client.
    4. Scopes: A mechanism in OAuth 2.0 that limits which resources an IAM client can access. You can select a service from the dropdown menu to add it to the IAM client's scope. Learn more about Scopes by reading the OAuth 2.0 documentation.
    5. Redirect URI: This is only for clients that represent web-based applications, such as a website or a launcher. For web-based clients, set the value to the URL that the system redirects the user to upon a successful login. As the system requires this field for all clients, you can input the default value of http://127.0.0.1 for non web-based clients, such as game servers, game clients, or server uploaders.
    6. Target Audience (Optional): Use this to constrain which service endpoints the client can access. When given a value, it serves as a white list to allow backend services to quickly reject connection attempts before checking client or user permissions. When a client attempts to access a service endpoint, the service first checks the client's "Target Audience" list. The system rejects the connection attempt if the service's URI does not match the Base URI of any of the clients in the Target Audience field. If the client passes the "Target Audience" check, or if the client's Target Audience field is empty, the service proceeds to the next authentication step in the client's request, such as checking its permissions and scopes. The Target Audience dropdown contains a list of clients from the namespace that the client is in, along with the Base URI value that client specifies.
    7. Base URI (Optional): You only need to set this for clients that the service uses. Set it to the URI of the service itself. Leave the value empty for clients you don't intend to use to allow a service to access the rest of the platform.
    8. Description (Optional): Use this to provide more information for and context to how this IAM client is used.
  6. Complete the Client SDK Configuration field as desired. This is used by integrated AGS SDKs.
    1. Platform (Optional): This defines which third-party platform the SDK client runs on. This field is optional. If you choose not to bind to any third-party platform, leave it blank.
  7. Configure the Advanced Configurations for two-factor authentication (2FA) and expiration times.
    1. Two-Factor Authentication: Toggle this to enable 2FA for this client.
    2. Override Expiration Time: Toggling this will reveal fields to manually adjust Access Token Expiration Time and Refresh Token Expiration Time to be different than the default values.
  8. Click Create when you've completed the form.

An IAM client has been created for this game namespace and will appear on the IAM Clients page.

Create an IAM Client for Shared Cloud

AGS Shared Cloud

To create the IAM Client in Shared Cloud, you can see the create an IAM Client in Shared Cloud documents under the Service section.

Edit an IAM client

Edit an IAM Client​ for Private Cloud

You can edit any of the information in your created IAM clients by following these steps.

  1. Log in to your AGS Admin Portal.
  2. In the Admin Portal, go into the namespace for the game you want to create an IAM client for.
  3. On the sidebar of that namespace, go to Game Setup > Games and Apps > IAM Clients.
  4. On the IAM Clients page, click View under the "Action" column next to the IAM client you wish to edit.
  5. On the Details tab of your client, click the Edit icon next to the fields you wish to edit.
  6. Enter your new information into the field and click the checkmark to save it.

Your new information will be saved to the IAM client and a pop-up message will appear in the top-right corner to confirm.

Edit an IAM Client for Shared Cloud

AGS Shared Cloud

To edit the IAM Client in Shared Cloud, you can see the add permission to a client in Shared Cloud documents under the Service section.

What's next?

Now that you've created an IAM client, you can begin adding permissions to it. Follow the How-to on adding permissions to an IAM client to do this.