Overview
Xloud Identity administration covers every layer of the authentication and authorization stack — from the backend that validates credentials to the policies that govern what each role can do. Use the guides below to configure your deployment, manage domains, secure token issuance, and troubleshoot platform-level issues.Architecture
Service topology, component roles, and data flow through the Identity stack.
Authentication Backends
Configure SQL, LDAP, SAML 2.0, and OpenID Connect authentication drivers.
Domain Management
Create and manage organizational domains with independent user namespaces.
Token Configuration
Configure Fernet key rotation, token lifetime, and expiration policies.
Service Catalog
Manage endpoint registration for all Xloud services across regions and interfaces.
Federation
Integrate SAML 2.0 and OIDC identity providers for enterprise single sign-on.
Policy Management
Customize RBAC policies to control which roles can perform each API operation.
Security Hardening
Enforce MFA, rotate Fernet keys, audit role assignments, and apply best practices.
Troubleshooting
Resolve token validation failures, LDAP issues, and service catalog misconfigurations.
Quick Reference
| Task | Command |
|---|---|
| Rotate Fernet keys | xavs-ansible deploy --tags keystone-fernet-rotate |
| List all domains | openstack domain list |
| List all users | openstack user list --domain Default |
| List all role assignments | openstack role assignment list --names |
| Show service endpoints | openstack endpoint list |
| Show token expiration config | openstack --os-cloud admin domain show Default |
Next Steps
Identity User Guide
Day-to-day operations — projects, users, and application credentials.
Compute Admin Guide
Configure compute hosts, flavors, quotas, and scheduler policies.