scaleway · ldecarvalho-doc · Mar 25, 2025 · Feb 6, 2025 · Feb 6, 2025 · Feb 11, 2025
@@ -0,0 +1,37 @@
+---
+macro: login-member
+---
+
+If you were added to a Scaleway Organization as an [IAM member](/iam/concepts#members), the login process is different.
+
+1. Open your web browser and go to the [Scaleway console](https://console.scaleway.com).
+2. Click the **Log in as an IAM Member**.
+3. Enter the Organization ID and click **Continue**
+4. Enter the username given to you by your Organization's Owner or administrator.
+5. Select an authentication method between **Send code** and **Enter password**.
+    <Tabs id="create-account">
+      <TabsTab label="Email code">
+      1. Click **Send code** to receive a login code in your email.
+          <Message type="important">
+            When you are added to an Organization as a member, a Scaleway account is automatically created for you. The Organization administrator must provide a username and email for you to log in.
+          </Message>
+      2. Enter the code you received in your email.
+          <Message type="tip">
+            If you did not receive the email you can follow these steps, in order:
+              - Make sure you check your spam folder
+              - Click **Resend email**
+              - Contact your Organization administrator to make sure your information was correctly registered
+              - If none of the actions above work, [contact the support](/account/how-to/open-a-support-ticket/#writing-an-effective-subject-and-description)
+          </Message>
+      3. Click **Continue**.
+
+      You are redirected to the Organization dashboard.
+      </TabsTab>
+      <TabsTab label="Password">
+      1. Click **Enter password**.
+      2. Type your password in the box.
+      3. Click **Continue**.
+
+      You are redirected to the Organization dashboard.
+      </TabsTab>
+    </Tabs>
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -52,10 +52,6 @@
                     "label": "Configure support plans",
                     "slug": "configure-support-plans"
                   },
-                  {
-                    "label": "Enforce multifactor authentication",
-                    "slug": "enforce-mfa"
-                  },
                   {
                     "label": "Use multifactor authentication",
                     "slug": "use-2fa"
@@ -279,6 +275,10 @@
                     "label": "Generate an SSH key",
                     "slug": "create-ssh-key"
                   },
+                  {
+                    "label": "Enforce multifactor authentication",
+                    "slug": "enforce-mfa"
+                  },
                   {
                     "label": "Add resources to a Project",
                     "slug": "add-resources-project"
@@ -336,24 +336,20 @@
               {
                 "items": [
                   {
-                    "label": "Invite a user to an Organization",
+                    "label": "Invite a Guest to an Organization",
                     "slug": "invite-user-to-orga"
                   },
                   {
                     "label": "Accept an invitation to an Organization",
                     "slug": "accept-invitation-to-orga"
                   },
                   {
-                    "label": "Manage users",
-                    "slug": "manage-users"
-                  },
-                  {
-                    "label": "Create an application",
-                    "slug": "create-application"
+                    "label": "Log in as a Member",
+                    "slug": "log-in-as-a-member"
                   },
                   {
-                    "label": "Manage applications",
-                    "slug": "manage-applications"
+                    "label": "Comply with security requirements as a Member",
+                    "slug": "comply-with-sec-requirements-member"
                   },
                   {
                     "label": "Create API keys",
@@ -363,6 +359,26 @@
                     "label": "Manage API keys",
                     "slug": "manage-api-keys"
                   },
+                  {
+                    "label": "Manage users",
+                    "slug": "manage-users"
+                  },
+                  {
+                    "label": "Manage Members",
+                    "slug": "manage-members"
+                  },
+                  {
+                    "label": "Enforce security requirements for Members",
+                    "slug": "enforce-security-requirements-members"
+                  },
+                  {
+                    "label": "Create an application",
+                    "slug": "create-application"
+                  },
+                  {
+                    "label": "Manage applications",
+                    "slug": "manage-applications"
+                  },
                   {
                     "label": "Create a group",
                     "slug": "create-group"

@@ -7,7 +7,7 @@ content:
   paragraph: Steps to log in to the Scaleway console.
 tags: account login password access magic-link magic link SSO
 dates:
-  validation: 2024-12-05 
+  validation: 2024-12-05
   posted: 2024-06-11
 categories:
   - console
@@ -43,4 +43,9 @@ Scaleway provides Single Sign-On (SSO) options for a seamless login experience.
 1. Open your web browser and go to the [Scaleway console](https://console.scaleway.com).
 2. Click the **Log in with Google** , **Log in with Microsoft**, or **Log in with GitHub** button, depending on the account you want to use.
 3. You will be redirected to the respective login page of Google, Microsoft or GitHub.
-4. If multifactor authentication (MFA) is activated, enter the authentication code. 
+4. If multifactor authentication (MFA) is activated, enter the authentication code.
+
+## Log into the console as an IAM member
+
+<Macro id="login-member" />
+
@@ -32,8 +32,10 @@ Download the app of your choice and install it onto your smartphone.
 
 ## How to enable MFA
 
-1. Access the [Security](https://console.scaleway.com/account/security) tab of your **User Account** page.
-  Alternatively, click your Organization name on the top-right corner of the console navigation menu, click **Profile**, then **Security**.
+1. Click your Organization name on the top-right corner of the console navigation menu, click **Profile**, then **Security**.
+    <Message type="important">
+      If you are logged in as an [IAM member](/iam/concepts/#member), Click **Profile**, then **Credentials** and scroll down to the **Multifactor authentication** section.
+    </Message>
 2. Click **Enable MFA**, in the **Multifactor authentication** section. A pop-up displays.
 3. Enter the code shown on the pop-up into your MFA app, or scan the QR code into your app.
   Your app sets up MFA for your Scaleway account and displays a 6-digit code.

@@ -40,6 +40,10 @@ The Common Expression Language (CEL) is used to define expressions in [condition
 
 A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
 
+## Grace Period
+
+The grace period is the time an [IAM Members](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or IAM Manager. Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
+
 ## Group
 
 A group (also known as an IAM group) is a grouping of [users](#user) and/or [applications](#application). Creating groups allows you to attach [policies](#policy) to multiple users and/or applications at the same time.
@@ -62,6 +66,10 @@ Similarly, you may participate as a Guest in someone else's Organization, where
 
 You can also create non-human users in your Organization, called [IAM applications](#application), in order to give applications programmatic access to your Scaleway resources.
 
+## Member
+
+You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. As a Member you are subject to [complying with the security requirements](/iam/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) in effect in your Organization.
+
 ## Organization
 
 An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. When you create [IAM rules](#rule), you can set their scope at Organization level.
@@ -79,8 +87,6 @@ The Organization ID identifies the [Organization](#organization) created with yo
 
 You are the [Owner](#owner) of the Organization that is created with your Scaleway account. Owners have full rights and access to all resources and features in their Organization. See also [Guest](#guest).
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
-
 ## Permission
 
 A permission is a granular right, which is checked to determine whether to give access to an API endpoint. Permissions are grouped into [permission sets](#permission-set) to facilitate access management within [policies](#policy).
@@ -158,7 +164,7 @@ Keep in mind that:
 A user (also known as an IAM user) is a human user in an Organization. They can be of two types:
 - **Owner**: You are the Owner of the [Organization](#organization) that was created with your account.
 - **Guest**: You are a Guest when invited to another Organization of which you are not the Owner. Similarly, you can invite other users to be Guests in your Organization.
+- **Member**: You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created.
 
 Within each Organization, different IAM users can have different rights (defined through [policies](#policy)) to perform actions on resources.
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
@@ -10,7 +10,7 @@ dates:
   posted: 2022-06-20
 ---
 
-When you [create a Scaleway account](/account/how-to/create-an-account/), an Organization is automatically created, of which you are the [Owner](/iam/concepts/#owner). If you are invited to someone else's Organization, you will simultaneously be the Owner of your own Organization and a guest in the other Organization, where you will have the rights and permissions granted to you via [policies](/iam/concepts/#policy).
+When you [create a Scaleway account](/account/how-to/create-an-account/), an Organization is automatically created, of which you are the [Owner](/iam/concepts/#owner). If you are invited to someone else's Organization, you will simultaneously be the Owner of your own Organization and a Guest in the other Organization, where you will have the rights and permissions granted to you via [policies](/iam/concepts/#policy).
 
 <Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
 
@@ -22,7 +22,7 @@ When you [create a Scaleway account](/account/how-to/create-an-account/), an Org
 When someone invites you to join their Organization, you receive an email to inform you.
 
 <Message type="important">
-  If the Organization you were invited to [enforces MFA](/account/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
+  If the Organization you were invited to [enforces MFA](/organizations-and-projects/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
 </Message>
 
 ## If you already have a Scaleway account

@@ -0,0 +1,71 @@
+---
+title: How to comply with security requirements as a Member
+description: Instructions for complying with security requirements as an IAM Member
+content:
+  h1: How to comply with security requirements as a Member
+  paragraph: Instructions for complying with security requirements as an IAM Member
+dates:
+  validation: 2025-03-24
+  posted: 2025-03-24
+---
+
+Upon your [first login as a Member](/iam/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
+
+<Macro id="requirements" />
+
+- A Scaleway account and logged into the [console](https://console.scaleway.com) as an [IAM Member](/iam/concepts/#member)
+
+## How to check the security requirements
+
+You Organization administrators may require you to perform two different security actions:
+
+- [Updating your password](#how-to-update-a-password)
+- [Setting up MFA](#how-to-set-up-mfa-as-a-member)
+
+If one of these requirements is enforced in your Organization, a security checklist will display in your Scaleway console when you log in for the first time,
+
+<Lightbox src="scaleway-iam-member-sec-req.webp" alt="screenshot of the scaleway console showing a checklist of the few quick steps to follow until you can explore the Scaleway console. 1. Update password - You are required to update your password to stay connected to this Organization. A message box indicated that there is 1 day left to update the password. It warns that once this grace period is up, you will be locked out of the Organization until an administrator unlocks your account. A button prompts to update the password. "/>
+
+<Message type="note">
+The security requirements checklist is only visible to new Members who have not complied with their Organization's security requirements.
+</Message>
+
+### Grace period
+
+New IAM Members have a [grace period](/iam/concepts/#grace-period) available to comply with security requirements. The grace period is defined by the Organization's administrator or is set to default (7 days).
+
+<Message type="important">
+Once the grace period is over, your Member account is automatically locked and you must personally contact the Organization administrator to unlock you. When you regain access to the Organization, the grace period resets and you have the set amount of time to comply with the requirements again.
+</Message>
+
+For example, if your Organization's grace period is set to default, you have 7 days, starting from your first login, to renew your password or define a new one, and to set up MFA. If you fail to comply until the 11:59 p.m. of the 7th day, you will get locked out of the Organization at 00:00 a.m. of the 8th day.
+
+### Maximum login attempts
+
+Currently, a default number of a maximum 5 login attempts is set up for all Scaleway Organizations.
+
+This means that if you fail to login five times, you will be blocked from your Organization and you must contact your administrator.
+
+## How to update a password
+
+Passwords are not required for a first Member login.
+
+However, if password renewal is enforced in your Organization, you must update your password after your first login.
+
+<Message type="note">
+Your Organization's administrator may provide you with a password for your first login. If password renewal is enforced in your Organization, you still need to update your password.
+</Message>
+
+1. Click **Update password** in your security requirements **Checklist** in the Scaleway console. A pop-up appears.
+2. Define a new password in the box.
+3. (Optional) Check the box if you want to send the password to your email.
+    <Message type="tip">
+    Make sure you copy and securely store the password, as it will only be shown once. If you lose access to your password, you must renew it again. Refer to the [How to manage members](/iam/how-to/manage-members#how-to-edit-a-members-information) documentation to learn how to renew your password after first renewal.
+    </Message>
+
+If all security requirements are met, you will be redirected to the Organization dashboard. If not, follow the steps of the [next section](#how-to-set-up-mfa-as-a-member) to complete the checklist.
+
+## How to set up MFA as a Member
+
+1. Click **Enable MFA** in your security requirements **Checklist** in the Scaleway console. A pop-up appears.
+2. Follow the steps as indicated in the [How to use MFA](/account/how-to/use-2fa) documentation page.
@@ -59,4 +59,3 @@ API keys always inherit the permissions of their bearer (the IAM user or IAM app
 
 9. Ensure you have securely saved the secret key, then close the window. You are returned to the **API keys** tab, where your new API key now appears in the list.
 
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -59,4 +59,3 @@ API keys always inherit the permissions of their bearer (the IAM user or IAM app

		9. Ensure you have securely saved the secret key, then close the window. You are returned to the API keys tab, where your new API key now appears in the list.