---
title: Managing cloud resources
description: When you register a cloud account the PingOne Privilege controller periodically scans the account to discover its resources.
component: privilege
page_id: privilege:privileged-access-management:admin-tasks/cloud-accounts
canonical_url: https://docs.pingidentity.com/privilege/privileged-access-management/admin-tasks/cloud-accounts.html
revdate: February 16, 2026
section_ids:
  targets: Targets
  configuring-targets: Configuring targets for access
  onboarding-target-resources: Onboarding target resources
  with-cloud-tags: Register using cloud provider tags
  with-admin-portal: Register using the admin portal
  resources: Resources
---

# Managing cloud resources

When you register an Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure account, the PingOne Privilege controller periodically scans the account to discover its resources.

These discovered cloud assets are categorized and displayed in two sections of the PingOne Privilege admin console:

* [Targets](#targets)

* [Resources](#resources)

## Targets

The Targets section of the admin console contains resources that users sign on to, including:

* Servers, via SSH

* Windows servers, via RDP

* Databases

* Kubernetes clusters

* Kafka clusters

* Application roles

### Configuring targets for access

Target resources must be registered and configured before users can access them using the self-service portal.

This involves several key configuration steps:

* Register [target resources](#onboarding-target-resources) to make them visible and manageable.

* Configure [gateways and relays](../../configuration/network-infrastructure.html) to provide secure access paths.

* Enable [certificate-based SSH](../../configuration/access-protocols/ssh.html) for Linux and macOS servers.

* Set up [database access](../../configuration/cloud-accounts/database-access.html) for supported database types.

### Onboarding target resources

Register target resources with PingOne Privilege to make them available for self-service. When you register a resource, it appears in the Targets menu of the admin console.

Register target resources using:

* [Cloud provider tags](#with-cloud-tags)

* [PingOne Privilege admin console](#with-admin-portal)

#### Register using cloud provider tags

You can automatically register target resources by assigning a specific tag to resources within your AWS, GCP, or Azure accounts.

The PingOne Privilege platform discovers and manages resources with the following tag and value pair:

* **Tag**: `PingOne Privilege`

* **Value**: `managed`
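Because registration depends on the tag pair, a mistyped key or value can leave a resource unregistered. The following added example (not part of the PingOne Privilege documentation or product) audits AWS tag data for the pair and for near-misses. It assumes exact, case-sensitive matching, and it reads JSON in the shape produced by `aws resourcegroupstaggingapi get-resources`; the sample ARNs and tags are constructed.

```python
import json

# Tag pair taken from the page; exact, case-sensitive matching is an assumption.
TAG_KEY = "PingOne Privilege"
TAG_VALUE = "managed"

# Constructed sample in the shape returned by
# `aws resourcegroupstaggingapi get-resources --output json`.
SAMPLE = json.dumps({
    "ResourceTagMappingList": [
        {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
         "Tags": [{"Key": "PingOne Privilege", "Value": "managed"}]},
        {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb",
         "Tags": [{"Key": "pingone privilege", "Value": "managed"}]},
        {"ResourceARN": "arn:aws:rds:us-east-1:111122223333:db:orders",
         "Tags": [{"Key": "PingOne Privilege", "Value": "Managed "}]},
        {"ResourceARN": "arn:aws:s3:::logs-bucket",
         "Tags": [{"Key": "team", "Value": "platform"}]},
    ]
})

def _norm(text):
    """Collapse whitespace and case so typo-level differences compare equal."""
    return " ".join(text.split()).casefold()

def classify(tags):
    """Return 'managed', 'near-miss', or 'untagged' for one resource's tag list."""
    for tag in tags:
        if tag.get("Key", "") == TAG_KEY and tag.get("Value", "") == TAG_VALUE:
            return "managed"
    # Key is recognizable but the pair is not exact: likely a tagging mistake.
    for tag in tags:
        if _norm(tag.get("Key", "")) == _norm(TAG_KEY):
            return "near-miss"
    return "untagged"

def audit(raw_json):
    """Group resource ARNs by tag status."""
    report = {"managed": [], "near-miss": [], "untagged": []}
    for item in json.loads(raw_json).get("ResourceTagMappingList", []):
        report[classify(item.get("Tags", []))].append(item["ResourceARN"])
    return report

if __name__ == "__main__":
    for status, arns in audit(SAMPLE).items():
        for arn in arns:
            print(f"{status:10} {arn}")
```

Compare the `managed` list against the Targets menu in the admin console, and review `near-miss` entries for tagging mistakes.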

#### Register using the admin portal

To use the admin console to register individual target resources:

1. In the PingOne Privilege admin console, click Targets.

2. (Optional) Filter resources using any of the following:

   **Access status:** Select the Ungranted filter checkbox and ensure the Granted filter checkbox is cleared.

   **Target type:** Select a target type checkbox, such as server or database.

   **Cloud provider:** Select a Cloud Provider icon.

   **Cloud account:** Select the specific account from the Account list.

3. Use the list to locate the resource to register and then click **More Info**.

4. On the resource details page, click the **Managed** toggle in the upper-right corner.

**Tip:** Use the search bar to find a specific resource quickly before clicking More Info to manage it.

## Resources

The Resources section of the admin console displays cloud assets that do not require users to sign on, such as:

* Storage buckets

* Serverless functions

* Related platform services

Access to these resources is managed using temporary cloud provider identity and access management (IAM) roles. Once access is allowed, you can use resources via a command-line interface (CLI) or the cloud provider's web console.
