Overview
Xloud Identity is the authentication and authorization backbone of the Xloud Cloud Platform. Every API request, Dashboard login, and CLI command is validated against Xloud Identity before any resource operation proceeds. It manages the complete access control lifecycle — from issuing scoped tokens to enforcing fine-grained role-based policies across every service.Prerequisites
- An active Xloud account with admin or project-member privileges
- Access to the Xloud Dashboard (
https://connect.<your-domain>) oropenstackCLI - For administration tasks: XDeploy access and admin credentials
What Xloud Identity Provides
Authentication
Token-based authentication with configurable backends — local SQL, LDAP, and federated
identity providers.
Authorization
Role-based access control (RBAC) with fine-grained policy rules governing every
service operation across all projects.
Multi-Domain Tenancy
Hierarchical domain and project structure supporting full organizational separation
across teams, departments, and customers.
Federation
Single sign-on integration with SAML 2.0 and OpenID Connect identity providers for
enterprise directory integration.
Application Credentials
Non-interactive, scoped credentials for automation pipelines, CI/CD, and service
accounts — without exposing user passwords.
Service Catalog
Centralized registry of all Xloud service endpoints, enabling clients to discover
the correct API address for each region and interface.
Core Concepts
| Concept | Description |
|---|---|
| Domain | Top-level administrative boundary. Contains projects, users, and groups. The Default domain is created during deployment. |
| Project | Resource namespace for billing, quotas, and access isolation. All cloud resources belong to a project. |
| User | A human or service account identity. Users authenticate and receive tokens scoped to a project or domain. |
| Role | Named set of permissions. Roles are assigned to users or groups within a project or domain. |
| Token | A time-limited bearer credential issued after successful authentication. Tokens encode the scope (project/domain) and role assignments. |
| Group | A collection of users. Role assignments on a group propagate to all members. |
| Application Credential | A delegated credential bound to a user’s roles, used for non-interactive automation without password exposure. |
How Authentication Works
Every token carries a and a set of role assignments. Services validate the token on every request and enforce the platform’s RBAC policies before executing any operation.Guides
User Guide
Manage projects, users, roles, application credentials, and multi-factor authentication
from the Dashboard and CLI.
Admin Guide
Configure authentication backends, domains, token policies, federation, and security
hardening for production deployments.
Authentication & CLI
Source credentials, configure the
openstack CLI, and authenticate to the Xloud
Dashboard.Compute Service
Learn how Xloud Identity tokens authorize access to compute resources and instances.