Successful Practices and Typical Cases
Successful Practices
First, regularly change login passwords. Passwords should preferably include uppercase letters, lowercase letters, numbers, and special characters, and should not contain common English words. Administrators can enable the “regular password change” function for specified accounts.
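As an added illustration of the password rules above (this is example code, not part of the platform or the original page): a small checker that reports every rule a candidate password breaks, including the "no common English words" rule, which is enforced as a case-insensitive substring match. The word list and the 12-character minimum are assumptions for the example; the page states neither.

```python
import re

# Constructed, deliberately tiny list of "common English words". A real check
# would load a full dictionary; the list here only illustrates the logic.
COMMON_WORDS = ("admin", "dragon", "login", "monkey", "password", "summer", "welcome")

MIN_LENGTH = 12  # assumed minimum; the page does not specify a length


def check_password_policy(password: str) -> list[str]:
    """Return the list of rule violations; an empty list means the password passes.

    Rules mirror the page: uppercase, lowercase, digit, special character,
    and no embedded common English word (case-insensitive).
    """
    failures: list[str] = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        failures.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special character")
    lowered = password.lower()
    for word in COMMON_WORDS:  # tuple order keeps the report deterministic
        if word in lowered:
            failures.append(f"contains common word '{word}'")
    return failures


def is_compliant(password: str) -> bool:
    """Convenience wrapper used by a sign-up or password-change handler."""
    return not check_password_policy(password)


if __name__ == "__main__":
    for candidate in ("Welcome2024!", "x7#Qp9!mZr2k", "abc"):
        print(candidate, "->", check_password_policy(candidate) or "OK")
```

Note that "Welcome2024!" satisfies all four character-class rules and still fails, because the dictionary rule catches the embedded word; character-class rules alone do not stop the most guessable patterns.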
Second, follow the principle of least privilege. When assigning a role to a team member, grant only the permissions necessary for their work. For example, if an operation and maintenance staff member in your company only needs to view the load status of all cloud hosts, grant them only the “Cloud Host Read-Only” role.
Third, enable API access control. Allow only your company’s outbound IP addresses to manage cloud resources via API, rather than all IP addresses. You can configure this in the API product section under “API Keys”.
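The source-address check described above, written out as an added example (not the platform's own implementation): API requests are accepted only when the peer address lies within the company's registered outbound ranges. The two networks in the allowlist are constructed placeholder values from the documentation ranges; substitute your own egress addresses.

```python
import ipaddress

# Constructed allowlist of the company's outbound (egress) addresses. These are
# documentation ranges (TEST-NET-2/3) standing in for real values.
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),   # office NAT range
    ipaddress.ip_network("198.51.100.7/32"),  # single CI runner address
]


def is_source_allowed(peer_ip: str, allowlist=ALLOWED_SOURCES) -> bool:
    """True only if peer_ip falls inside one of the allowlisted networks.

    peer_ip must be the transport-layer source address of the TCP connection.
    Do not take it from a client-supplied header such as X-Forwarded-For
    unless a trusted proxy in front of you sets it, because callers can forge it.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed input is denied rather than failing open
    # An IPv6 address is never "in" an IPv4 network, so mixed versions deny safely.
    return any(addr in net for net in allowlist)


def authorize_api_request(peer_ip: str, api_key_valid: bool) -> tuple[bool, str]:
    """Combine key validation with the source check; a request must pass both."""
    if not api_key_valid:
        return False, "invalid api key"
    if not is_source_allowed(peer_ip):
        return False, f"source {peer_ip} not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    for ip in ("203.0.113.42", "198.51.100.8", "2001:db8::1", "garbage"):
        print(ip, "->", authorize_api_request(ip, api_key_valid=True))
```

A stolen API key used from outside the allowlist is rejected with the "not in allowlist" reason, which is also a useful signal to alert on in the API access log.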
Typical Cases
Xiao Ming is a technical backbone of a high-tech company. Later, he decided to start a business with several old friends. At the beginning of the company’s establishment, Xiao Ming registered an account (devops@xnasa.com) on {channelName}} upon a friend’s recommendation. He tried out cloud products such as UHost (cloud host), EIP (Elastic IP), and UDB (database). After several rounds of evaluation, he finally chose {channelName}} as the company’s cloud service provider and formally renewed the previously trialed UHost, EIP, and UDB for one year to enjoy the promotion of “pay for 10 months and get 2 months free”.
1. Security First, Always
The hardships of starting a business go without saying. A team of seven or eight people worked in a small space of dozens of square meters, and after several months of hard work, their new product was finally launched with a positive market response. Xiao Ming was well aware that the risk of account password leakage was very high—and if such a leakage occurred, the impact on the company’s future would be unimaginable.
After consulting {channelName}}’s technical support, Xiao Ming learned that {channelName}} provides two types of two-factor authentication (2FA) login services: TOTP (Time-Based One-Time Password) dynamic security verification and QR code login. After enabling the 2FA service, when you log in to {channelName}} with your account and password, you will be required to enter a verification code; the system will only grant access if the code is valid. It is recommended to use the dynamic token binding function of the {channelName}} APP, or bind your account with other dynamic token tools based on the TOTP algorithm (e.g., Google Authenticator, FortiToken, or the WeChat mini-program “Secondary Verification Code”). QR code login is more convenient: you only need to scan the QR code with the {channelName}} APP to log in each time.
After careful consideration, Xiao Ming chose the QR code login solution.
2. Smooth Collaboration Among Multiple Users
After several rounds of product optimization and upgrades, the number of users grew, and the company entered a stage of rapid development. The R&D team expanded to dozens of people. Having everyone manage cloud resources using the devops@xnasa.com account was both inconvenient and unsafe.
Xiao Ming then activated the Account and Permission Management service. He created an individual account for each team member who needed to manage cloud resources, and added all these accounts to the only project “Project X” under the devops@xnasa.com account. This way, each team member could log in to {channelName}}’s cloud console with their own account to manage resources. By checking the operation logs, Xiao Ming could track which team member performed which operations on which resources.
Later, based on the initial “Project Administrator” role, Xiao Ming created additional roles and assigned them to the corresponding sub-accounts. Each role had specific permissions: for example, the “Web Development Engineer” role only had permission to view and operate the UHost product, but no permission to create or delete UHost instances. If a sub-account had the “Web Development Engineer” role in “Project X”, it could only view and operate UHost resources (without creation/deletion rights).
3. Managing Multiple Businesses Made Easy
During the implementation of “Project X”, several members of Xiao Ming’s team identified a new market opportunity, which they named “Task Y”.
To ensure business security, Xiao Ming created a new project named “Task Y”. He added the team members responsible for “Task Y” to this new project, and since these members were no longer in charge of “Project X”, he also removed them from the “Project X” project.
In this way, the team members responsible for “Task Y” could only manage the cloud resources deployed for “Task Y”. Additionally, “Task Y” and “Project X” were in different basic networks and did not affect each other.
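The model that runs through the "Successful Practices" least-privilege rule and the two cases above (per-member sub-accounts, roles scoped to a project, operation logs, and moving members out of "Project X" into "Task Y") can be expressed in a few lines. The following is an added example, not the platform's actual permission system; the action names and the exact permissions of each role are assumptions chosen to match the page's description.

```python
from dataclasses import dataclass, field

# Constructed role definitions modelled on the page. "*" means every action.
# Real console action identifiers will differ; these are illustrative.
ROLES: dict[str, set[str]] = {
    "Project Administrator": {"*"},
    "Cloud Host Read-Only": {"uhost:describe"},
    # May view and operate UHost instances, but not create or delete them.
    "Web Development Engineer": {"uhost:describe", "uhost:start", "uhost:stop", "uhost:reboot"},
}


@dataclass
class SubAccount:
    name: str
    # project name -> set of role names held in that project
    memberships: dict[str, set[str]] = field(default_factory=dict)


def grant_role(account: SubAccount, project: str, role: str) -> None:
    if role not in ROLES:
        raise KeyError(f"unknown role {role!r}")
    account.memberships.setdefault(project, set()).add(role)


def remove_from_project(account: SubAccount, project: str) -> None:
    """Dropping a project removes every role held there in one step."""
    account.memberships.pop(project, None)


def is_allowed(account: SubAccount, project: str, action: str) -> bool:
    """Roles are scoped to a project: a role in Project X says nothing about Task Y."""
    for role in account.memberships.get(project, ()):
        perms = ROLES[role]
        if "*" in perms or action in perms:
            return True
    return False


def authorize(account: SubAccount, project: str, action: str, resource: str, log: list[str]) -> bool:
    """Decide and append an operation-log line attributing the action to the sub-account."""
    decision = is_allowed(account, project, action)
    log.append(f"{account.name} {project} {action} {resource} {'ALLOW' if decision else 'DENY'}")
    return decision


if __name__ == "__main__":
    ops_log: list[str] = []
    dev = SubAccount("alice")
    grant_role(dev, "Project X", "Web Development Engineer")
    authorize(dev, "Project X", "uhost:reboot", "uhost-demo1", ops_log)
    authorize(dev, "Project X", "uhost:delete", "uhost-demo1", ops_log)
    authorize(dev, "Task Y", "uhost:describe", "uhost-demo2", ops_log)
    print("\n".join(ops_log))
```

Because `remove_from_project` discards the whole membership, a member transferred to "Task Y" keeps no residual rights in "Project X"; this is the step the case study relies on when it says the "Task Y" members could manage only their own project's resources.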