scaleway · ldecarvalho-doc · Mar 25, 2025 · Feb 6, 2025 · Feb 6, 2025 · Feb 11, 2025
@@ -0,0 +1,37 @@
+---
+macro: login-member
+---
+
+If you were added to a Scaleway Organization as an [IAM member](/iam/concepts#members), the login process is different.
+
+1. Open your web browser and go to the [Scaleway console](https://console.scaleway.com).
+2. Click the **Log in as an IAM Member**.
+3. Enter the Organization ID and click **Continue**
+4. Enter the username given to you by your Organization's Owner or administrator.
+5. Select an authentication method between **Send code** and **Enter password**.
+    <Tabs id="create-account">
+      <TabsTab label="Email code">
+      1. Click **Send code** to receive a login code in your email.
+          <Message type="important">
+            When you are added to an Organization as a member, a Scaleway account is automatically created for you. The Organization administrator must provide a username and email for you to log in.
+          </Message>
+      2. Enter the code you received in your email.
+          <Message type="tip">
+            If you did not receive the email you can follow these steps, in order:
+              - Make sure you check your spam folder
+              - Click **Resend email**
+              - Contact your Organization administrator to make sure your information was correctly registered
+              - If none of the actions above work, [contact the support](/account/how-to/open-a-support-ticket/#writing-an-effective-subject-and-description)
+          </Message>
+      3. Click **Continue**.
+
+      You are redirected to the Organization dashboard.
+      </TabsTab>
+      <TabsTab label="Password">
+      1. Click **Enter password**.
+      2. Type your password in the box.
+      3. Click **Continue**.
+
+      You are redirected to the Organization dashboard.
+      </TabsTab>
+    </Tabs>
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -52,10 +52,6 @@
                     "label": "Configure support plans",
                     "slug": "configure-support-plans"
                   },
-                  {
-                    "label": "Enforce multifactor authentication",
-                    "slug": "enforce-mfa"
-                  },
                   {
                     "label": "Use multifactor authentication",
                     "slug": "use-2fa"
@@ -279,6 +275,10 @@
                     "label": "Generate an SSH key",
                     "slug": "create-ssh-key"
                   },
+                  {
+                    "label": "Enforce multifactor authentication",
+                    "slug": "enforce-mfa"
+                  },
                   {
                     "label": "Add resources to a Project",
                     "slug": "add-resources-project"
@@ -336,24 +336,20 @@
               {
                 "items": [
                   {
-                    "label": "Invite a user to an Organization",
+                    "label": "Invite a Guest to an Organization",
                     "slug": "invite-user-to-orga"
                   },
                   {
                     "label": "Accept an invitation to an Organization",
                     "slug": "accept-invitation-to-orga"
                   },
                   {
-                    "label": "Manage users",
-                    "slug": "manage-users"
-                  },
-                  {
-                    "label": "Create an application",
-                    "slug": "create-application"
+                    "label": "Log in as a Member",
+                    "slug": "log-in-as-a-member"
                   },
                   {
-                    "label": "Manage applications",
-                    "slug": "manage-applications"
+                    "label": "Comply with security requirements as a Member",
+                    "slug": "comply-with-sec-requirements-member"
                   },
                   {
                     "label": "Create API keys",
@@ -363,6 +359,26 @@
                     "label": "Manage API keys",
                     "slug": "manage-api-keys"
                   },
+                  {
+                    "label": "Manage users",
+                    "slug": "manage-users"
+                  },
+                  {
+                    "label": "Manage Members",
+                    "slug": "manage-members"
+                  },
+                  {
+                    "label": "Enforce security requirements for Members",
+                    "slug": "enforce-security-requirements-members"
+                  },
+                  {
+                    "label": "Create an application",
+                    "slug": "create-application"
+                  },
+                  {
+                    "label": "Manage applications",
+                    "slug": "manage-applications"
+                  },
                   {
                     "label": "Create a group",
                     "slug": "create-group"

@@ -7,7 +7,7 @@ content:
   paragraph: Steps to log in to the Scaleway console.
 tags: account login password access magic-link magic link SSO
 dates:
-  validation: 2024-12-05 
+  validation: 2024-12-05
   posted: 2024-06-11
 categories:
   - console
@@ -43,4 +43,9 @@ Scaleway provides Single Sign-On (SSO) options for a seamless login experience.
 1. Open your web browser and go to the [Scaleway console](https://console.scaleway.com).
 2. Click the **Log in with Google** , **Log in with Microsoft**, or **Log in with GitHub** button, depending on the account you want to use.
 3. You will be redirected to the respective login page of Google, Microsoft or GitHub.
-4. If multifactor authentication (MFA) is activated, enter the authentication code. 
+4. If multifactor authentication (MFA) is activated, enter the authentication code.
+
+## Log into the console as an IAM member
+
+<Macro id="login-member" />
+
@@ -40,6 +40,10 @@ The Common Expression Language (CEL) is used to define expressions in [condition
 
 A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
 
+## Grace Period
+
+The grace period is the time an [IAM Members](#members) has to comply with the security requirements that are enforced in your Organization before their account is automatically locked. The accounts can be manually unlocked by an Owner or IAM Manager. Upon regaining access, the grace period resets, giving IAM Members another chance to meet security requirements.
+
 ## Group
 
 A group (also known as an IAM group) is a grouping of [users](#user) and/or [applications](#application). Creating groups allows you to attach [policies](#policy) to multiple users and/or applications at the same time.
@@ -62,6 +66,10 @@ Similarly, you may participate as a Guest in someone else's Organization, where
 
 You can also create non-human users in your Organization, called [IAM applications](#application), in order to give applications programmatic access to your Scaleway resources.
 
+## Member
+
+You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created. As a Member you are subject to [complying with the security requirements](/iam/how-to/log-in-as-a-member#how-to-comply-with-security-requirements) in effect in your Organization.
+
 ## Organization
 
 An Organization is made of one or several [Projects](#project). When you create your Scaleway account, an Organization is automatically created, of which you are the Owner. When you create [IAM rules](#rule), you can set their scope at Organization level.
@@ -79,8 +87,6 @@ The Organization ID identifies the [Organization](#organization) created with yo
 
 You are the [Owner](#owner) of the Organization that is created with your Scaleway account. Owners have full rights and access to all resources and features in their Organization. See also [Guest](#guest).
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
-
 ## Permission
 
 A permission is a granular right, which is checked to determine whether to give access to an API endpoint. Permissions are grouped into [permission sets](#permission-set) to facilitate access management within [policies](#policy).
@@ -158,7 +164,7 @@ Keep in mind that:
 A user (also known as an IAM user) is a human user in an Organization. They can be of two types:
 - **Owner**: You are the Owner of the [Organization](#organization) that was created with your account.
 - **Guest**: You are a Guest when invited to another Organization of which you are not the Owner. Similarly, you can invite other users to be Guests in your Organization.
+- **Member**: You are a Member when you are added to an Organization by an Owner or user with IAM Manager permissions. Members exist only within the specific Organizations in which they are created.
 
 Within each Organization, different IAM users can have different rights (defined through [policies](#policy)) to perform actions on resources.
 
-<Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
@@ -10,7 +10,7 @@ dates:
   posted: 2022-06-20
 ---
 
-When you [create a Scaleway account](/account/how-to/create-an-account/), an Organization is automatically created, of which you are the [Owner](/iam/concepts/#owner). If you are invited to someone else's Organization, you will simultaneously be the Owner of your own Organization and a guest in the other Organization, where you will have the rights and permissions granted to you via [policies](/iam/concepts/#policy).
+When you [create a Scaleway account](/account/how-to/create-an-account/), an Organization is automatically created, of which you are the [Owner](/iam/concepts/#owner). If you are invited to someone else's Organization, you will simultaneously be the Owner of your own Organization and a Guest in the other Organization, where you will have the rights and permissions granted to you via [policies](/iam/concepts/#policy).
 
 <Lightbox src="scaleway-iam-owners-guests.webp" alt="" />
 
@@ -22,7 +22,7 @@ When you [create a Scaleway account](/account/how-to/create-an-account/), an Org
 When someone invites you to join their Organization, you receive an email to inform you.
 
 <Message type="important">
-  If the Organization you were invited to [enforces MFA](/account/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
+  If the Organization you were invited to [enforces MFA](/organizations-and-projects/how-to/enforce-mfa/), make sure you have [activated MFA](/account/how-to/use-2fa/) before accepting the invitation.
 </Message>
 
 ## If you already have a Scaleway account

@@ -0,0 +1,69 @@
+---
+title: How to comply with security requirements as a Member
+description: Instructions for complying with security requirements as an IAM Member
+content:
+  h1: How to comply with security requirements as a Member
+  paragraph: Instructions for complying with security requirements as an IAM Member
+dates:
+  validation: 2025-03-24
+  posted: 2025-03-24
+---
+
+Upon your [first login as a Member](/iam/how-to/log-in-as-a-member), you must comply with your Organization's security requirements to ensure you can log in without issues in the future.
+
+<Macro id="requirements" />
+
+- A Scaleway account and logged into the [console](https://console.scaleway.com) as an [IAM Member](/iam/concepts/#member)
+
+## How to check the security requirements
+
+When you log in for the first time, a security checklist displays in your Scaleway console.
+
+<Lightbox src="scaleway-iam-member-sec-req.webp" alt="screenshot of the scaleway console showing a checklist of the few quick steps to follow until you can explore the Scaleway console. 1. Update password - You are required to update your password to stay connected to this Organization. A message box indicated that there is 1 day left to update the password. It warns that once this grace period is up, you will be locked out of the Organization until an administrator unlocks your account. A button prompts to update the password. "/>
+
+Currently, the mandatory security requirements include:
+
+- [Updating your password](#how-to-update-a-password)
+- [Setting up MFA](#how-to-set-up-mfa-as-a-member)
+
+### Grace period
+
+New IAM Members have a [grace period](/iam/concepts/#grace-period) available to comply with security requirements. The grace period is defined by the Organization's administrator or is set to default (7 days).
+
+<Message type="important">
+Once the grace period is over, your Member account is automatically locked and you must personally contact the Organization administrator to unlock you. When you regain access to the Organization, the grace period resets and you have the set amount of time to comply with the requirements again.
+</Message>
+
+For example, if your Organization's grace period is set to default, you have 7 days, starting from your first login, to renew your password or define a new one, and to set up MFA. If you fail to comply until the 11:59 p.m. of the 7th day, you will get locked out of the Organization at 00:00 a.m. of the 8th day.
+
+### Maximum login attempts
+
+Currently, a default number of a maximum 5 login attempts is set up for all Scaleway Organizations.
+
+This means that if you fail to login five times, you will be blocked from your Organization and you must contact your administrator.
+
+## How to update a password
+
+Passwords are not required for a first Member login.
+
+However, even if your Organization administrator provides you with a password or you log in using a code, you must update your password after your first login.
+
+1. Click **Update password** in your security requirements **Checklist** in the Scaleway console. A pop-up appears.
+    <Message type="note">
+    The security requirements checklist is only visible to new Members who have not complied with their Organization's security requirements.
+    </Message>
+2. Define a new password in the box.
+3. (Optional) Check the box if you want to send the password to your email.
+    <Message type="tip">
+    Make sure you copy and securely store the password, as it will only be shown once. If you lose access to your password, you must renew it.
+    </Message>
+
+If all security requirements are met, you will be redirected to the Organization dashboard. If not, follow the steps of the [next section](#how-to-set-up-mfa-as-a-member) to complete the checklist.
+
+## How to set up MFA as a Member
+
+
+
+
+
+
@@ -59,4 +59,3 @@ API keys always inherit the permissions of their bearer (the IAM user or IAM app
 
 9. Ensure you have securely saved the secret key, then close the window. You are returned to the **API keys** tab, where your new API key now appears in the list.
 
-
@@ -0,0 +1,80 @@
+---
+meta:
+  title: How to enforce security requirements for IAM members in your Organization
+  description: This page shows you how to edit the grace period IAM members have to comply with security requirements, enforce password renewal and define a maximum number of login attempts.
+content:
+  h1: How to enforce security requirements for IAM members
+  paragraph: This page shows you how to edit the grace period IAM members have to comply with security requirements, enforce password renewal and define a maximum number of login attempts.
+dates:
+  validation: 2025-02-11
+  posted: 2025-02-11
+categories:
+  - console
+---
+
+For the increased security of your Organization, you can enforce different security measures for your IAM members.
+
+<Message type="important">
+  The security measures listed on this page, except enforcing MFA, apply only to [IAM members](/iam/concepts#members).
+</Message>
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+
+## How to disable a member's MFA
+
+If [Multifactor Authentication (MFA) is enabled](/account/how-to/use-2fa) for a member you can disable it anytime. Disabling MFA is useful if the member loses access to their authentication app and needs to reset MFA.
+
+1. Click **Identity and Access Management (IAM)** on the top-right corner of your [Organization Dashboard](https://console.scaleway.com/organization) in the Scaleway console. The **Users** tab of the [Identity and Access Management dashboard](https://console.scaleway.com/iam/users) displays.
+2. Click the name of the member you want to delete. Alternatively, click <Icon name="more" /> next to the member, and select **Overview**. Either way, you are taken to the user's **Overview** tab.
+3. Click the **Credentials** tab.
+4. Scroll to the **Disable multifactor authentication** section.
+5. Click **Disable MFA**. A pop-up appears
+    <Message type="important">
+      Keep in mind that disabling MFA means a member will no longer be required to sign in with MFA. If [MFA is enforced](/organizations-and-projects/how-to/enforce-mfa) at the Organization level, the member will have a grace period allowing them to enable it again.
+    </Message>
+6. Type **DISABLE** in the box and click **Confirm**.
+
+## How to enforce password renewal
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Password renewal** section.
+3. Click **Enforce renewal**. A pop-up displays.
+    <Message type="important">
+      Enforcing password renewal means that all members with a password in the Organization will be requested to reset it upon their first login.
+    </Message>
+4. Type **ENFORCE** in the box and click **Confirm**.
+
+## How to stop enforcing password renewal
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Password renewal** section.
+3. Click **Stop enforcing renewal**. A pop-up displays.
+4. Type **STOP** in the box and click **Confirm**.
+
+## How to edit the grace period of your Organization
+
+From their first login, members have a default grace period of seven days to comply with security requirements before their access to the Organization is automatically locked. You can extend or reduce the grace period in the console.
+
+<Message type="important">
+  Locked members cannot connect to the Organization until they are [manually unlocked](/iam/how-to/manage-members#how-to-unlock-a-member). Upon regaining access, the grace period resets, giving them another chance to meet security requirements.
+</Message>
+
+1. Click the **Security** tab of the [Organization Dashboard](https://console.scaleway.com/organization).
+2. Scroll to the **Grace period** section.
+3. Click **Define grace period**. A pop-up displays.
+4. Define the grace period in hours or days.
+5. Click **Define grace period** to confirm.
+
+## How to set a maximum number of login attempts
+
+Currently, a default number of a maximum 5 login attempts is set up for your Organization automatically.
+
+## How to enforce MFA for a member
+
+You can enforce MFA for all users in your Organization, including members.
+
+Refer to the [How to enforce MFA](/pages/organizations-and-projects/how-to/enforce-mfa) documentation page for more information.
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -59,4 +59,3 @@ API keys always inherit the permissions of their bearer (the IAM user or IAM app

		9. Ensure you have securely saved the secret key, then close the window. You are returned to the API keys tab, where your new API key now appears in the list.