# Introduction

**FPT Identity & Access Management (FPT IAM)** is a feature that lets Tenant Owners share access to their **FPT Cloud** resources with other users, each with different permissions.

Some basic concepts in FPT IAM:

* **Role**: The user's role within the organization, which defines what the user is permitted to do.
  * Currently, FPT IAM supports two basic roles: **Super Admin** and **Readonly**. If these two roles do not meet your needs, you can create Custom Roles with customizable permissions.
  * Each role has a list of permissions.
* **Permission**: Determines which features a user can use on which resources. Each permission belongs to one role.
* **User group**: A group of users with the same role (by tenant or VPC).
* **IAM users**: Users added to the tenant who have the right to interact with resources in the tenant according to their assigned role.

The Tenant Owner has full control over all VPC resources, including permission features. This account will be assigned the ORG Admin role by default.

To use IAM, the **Tenant Owner** must first create roles (Instance manager, Data analyst, etc.) and the permissions for those roles, then create user groups assigned to the corresponding roles.

* For each created User group, the Tenant Owner can select and customize the Role and Permission as appropriate.
* Assign permissions by inviting additional IAM users to the User group via email.
* After receiving the invitation, IAM users can register or log in to the FPT Portal, or log in via the organization's SSO, as instructed, and then use the resources in the VPC/Tenant they were invited to.
