How to add accounts to groups

To grant users and service accounts access to the tenant’s resources, add them to one of the groups.

Prerequisites

Web console
CLI

Make sure you are in a group that has the admin role within your tenant; for example, the default admins group. You can check this in the Administration → IAM section of the web console.

Make sure you are in a group that has the admin role within your tenant; for example, the default admins group. You can check this in the Administration → IAM section of the web console.
Install and configure the Nebius AI Cloud CLI.
Check that your project ID is saved in the Nebius AI Cloud CLI profile configuration:
```
cat ~/.nebius/config.yaml
```
Install the jq to extract IDs and tokens from JSON data returned by the Nebius AI Cloud CLI:
sudo apt-get install jq
In the web console, go to Administration → IAM.
If the group was created in a tenant, get the tenant ID and save it to an environment variable:
```
export TENANT_ID=<tenant_ID>
```
If the group was created in a project, get the project ID and save it to an environment variable:
```
export PROJECT_ID=<project_ID>
```

Get the relevant group ID and save it to an environment variable:

export GROUP_ID=$(nebius iam group get-by-name \
  --name <group_name> \
  --parent-id <$TENANT_ID|$PROJECT_ID> \
  --format json \
  | jq -r ".metadata.id")

Add a user account

Web console
CLI

To add a user to a group:

In the sidebar, go to Administration → IAM.
On the Groups tab, click the group you want to add a user to.
Click Add members.
In the window that opens, find the user you want to add to the group and click Add next to their name.

To add a user to a group via the Nebius AI Cloud CLI, you must have their email address.

Save a user email to an environment variable:
```
export USER_EMAIL=<user_email>
```

Get the user account’s ID and save it to an environment variable:

export USER_ID=$(nebius iam tenant-user-account-with-attributes list \
  --parent-id $TENANT_ID \
  --format json | jq -r --arg user_email "$USER_EMAIL" \
  '.items[] | select(.attributes.email == $user_email)
  | .tenant_user_account.metadata.id')

To add the user account to the group, set up its membership:

nebius iam group-membership create \
  --parent-id $GROUP_ID \
  --member-id $USER_ID

Check that the account has appeared in the group:

nebius iam group-membership list-members \
  --parent-id $GROUP_ID | grep "$USER_ID"

Add a service account

Web console
CLI

To add a service account to a group:

In the sidebar, go to Administration → IAM.
On the Groups tab, click on the group you want to add a service account to.
Click Add members.
In the window that opens, switch to the Service accounts tab.
Find the service account you want to add to the group and click Add next to its name.

To add a service account to a group via the Nebius AI Cloud CLI, you must have its name.

Get the service account’s ID and save it to an environment variable:

export SA_ID=$(nebius iam service-account get-by-name \
  --name <service_account_name> \
  --format json \
  | jq -r ".metadata.id")

Set up the account membership in the group:

nebius iam group-membership create \
  --parent-id $GROUP_ID \
  --member-id $SA_ID

Check that the account has appeared in the group:

nebius iam group-membership list-members \
  --parent-id $GROUP_ID | grep "$SA_ID"

If you don’t know the name of the service account:

View all service accounts for your project:
```
nebius iam service-account list
```
Get the service account’s ID and save it to an environment variable. If the required service account does not appear as the first item in the previous command output, change the digit in .items[0].metadata.id:
```
export SA_ID=$(nebius iam service-account list \
  --format json \
  | jq -r ".items[0].metadata.id")
```

Set up the account membership in the group:

nebius iam group-membership create \
  --parent-id $GROUP_ID \
  --member-id $SA_ID

Check that the new account has appeared in the group:

nebius iam group-membership list-members \
  --parent-id $GROUP_ID | grep "$SA_ID"

Nebius AI Cloud signup and payments

Identity and Access Management in Nebius AI Cloud

Overview of Nebius AI Cloud

How to add accounts to groups

Prerequisites

Add a user account

Add a service account

Nebius AI Cloud signup and payments

Identity and Access Management in Nebius AI Cloud

Overview of Nebius AI Cloud

​Prerequisites

​Add a user account

​Add a service account

Prerequisites

Add a user account

Add a service account