Overview
Project and user management in the Dashboard is performed under Admin → Identity (or Identity in the left sidebar). Admins can create projects (tenants), create user accounts, manage group memberships, and assign roles to control what operations each user can perform within each project.Prerequisites
adminrole in the target domain- For domain management:
adminrole at the cloud level
Projects
Projects (also called tenants) are the primary resource isolation boundary — instances, volumes, networks, and quotas are all scoped to a project.Create a Project
Open Project list
Navigate to Admin → Identity → Projects (or Identity → Projects). Click Create Project.
Fill in project details
| Field | Description |
|---|---|
| Name | Unique project name (e.g., dev-team, production) |
| Description | Optional description |
| Enabled | Toggle on to activate immediately |
| Domain | Parent domain (usually Default) |
Project Members tab
Add users and groups to the project and assign roles during creation. You can also do this later.
Quotas tab
Set resource quotas for the project. Leave blank to inherit defaults. See Quotas for details.
Modify a Project
In the project row, open Actions:| Action | Description |
|---|---|
| Edit Project | Change name, description, enabled state |
| Modify Users | Add/remove users and their roles |
| Modify Groups | Add/remove groups and their roles |
| Modify Quotas | Adjust resource limits |
| Delete Project | Permanently deletes the project and all its resources |
Deleting a project is irreversible. All instances, volumes, networks, and other resources in the project are permanently deleted. Verify that the project is fully decommissioned before deletion.
Users
Create a User
Fill in user details
| Field | Description |
|---|---|
| Domain | Identity domain for this user (usually Default) |
| User Name | Login username |
| Description | Optional |
| User email address | |
| Password | Initial password — user should change on first login |
| Primary Project | Default project context after login |
| Role | Initial role assignment in the primary project |
| Enabled | Toggle on to allow login |
Manage User Roles
Role assignments connect a user to a project with a specific permission level.- From the User
- From the Project
In the user row, open Actions → Edit User and navigate to the Role Assignments section.You can also add/remove project assignments from here.
Standard Roles
| Role | Capabilities |
|---|---|
admin | Full administrative access to all resources and operations |
member | Standard user — can create and manage resources within a project |
reader | Read-only access — can view resources but not create or modify |
Groups
Groups simplify bulk role management. Assign a group to a project with a role — all group members inherit that role assignment.Create a Group
Open Group management
Navigate to Admin → Identity → Groups and click Create Group. Enter a name and description.
Add members
In the group row, open Actions → Manage Members. Add users from the available list to the group.
Domains
Domains provide a top-level isolation boundary for multi-organization or multi-tenant deployments. Each domain has its own users, groups, and projects.Domain management requires cloud-level admin access, not just project-level admin.
| Field | Description |
|---|---|
| Name | Domain identifier (e.g., customer-a, engineering) |
| Description | Optional |
| Enabled | Disable to prevent all logins in the domain |
admin role to the user scoped to the domain (not project-scoped).
Next Steps
Identity User Guide
User account operations, password management, and profiles
Roles & Permissions
Role definitions, implied roles, and custom role creation
Quotas
Set per-project resource limits
Policy Management
Define fine-grained permissions with oslo.policy rules