Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.xloud.tech/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Xloud Identity administration covers every layer of the authentication and authorization stack — from the backend that validates credentials to the policies that govern what each role can do. Use the guides below to configure your deployment, manage domains, secure token issuance, and troubleshoot platform-level issues.
Administrator Access Required — This operation requires the admin role. Contact your Xloud administrator if you do not have sufficient permissions.

Architecture

Service topology, component roles, and data flow through the Identity stack.

Authentication Backends

Configure SQL, LDAP, SAML 2.0, and OpenID Connect authentication drivers.

Domain Management

Create and manage organizational domains with independent user namespaces.

Token Configuration

Configure Fernet key rotation, token lifetime, and expiration policies.

Service Catalog

Manage endpoint registration for all Xloud services across regions and interfaces.

Federation

Integrate SAML 2.0 and OIDC identity providers for enterprise single sign-on.

Policy Management

Customize service-level policy rules to control which roles can perform each API operation.

Extended RBAC

Fine-grained per-action privileges, custom roles, and tag-conditioned grants — beyond the built-in role set.

Security Hardening

Enforce MFA, rotate Fernet keys, audit role assignments, and apply best practices.

Troubleshooting

Resolve token validation failures, LDAP issues, and service catalog misconfigurations.

Quick Reference

TaskCommand
Rotate Fernet keysxavs-ansible deploy --tags keystone-fernet-rotate
List all domainsopenstack domain list
List all usersopenstack user list --domain Default
List all role assignmentsopenstack role assignment list --names
Show service endpointsopenstack endpoint list
Show token expiration configopenstack --os-cloud admin domain show Default

Next Steps

Identity User Guide

Day-to-day operations — projects, users, and application credentials.

Compute Admin Guide

Configure compute hosts, flavors, quotas, and scheduler policies.