Overview
Xloud Identity controls who can access your cloud environment and what they are permitted to do. Use the guides below to manage projects, users, application credentials, and multi-factor authentication from the Dashboard or CLI.Projects
Create and manage resource namespaces, add team members, and assign roles within each project.
Users
Create user accounts, set passwords, assign roles, and manage user lifecycle operations.
Application Credentials
Generate scoped credentials for CI/CD pipelines, automation, and service accounts without embedding passwords.
Multi-Factor Authentication
Enable TOTP-based two-factor authentication for enhanced account security.
Troubleshooting
Resolve authentication failures, permission errors, and token scope issues.
Key Concepts
Domains, Projects, and Users
Domains, Projects, and Users
| Concept | Scope | Description |
|---|---|---|
| Domain | Top-level | Administrative boundary. Separates organizations, business units, or customers. |
| Project | Within a domain | Resource namespace for quotas, billing, and access control. All instances, volumes, and networks belong to a project. |
| User | Within a domain | An identity (human or service) that authenticates and receives tokens scoped to a project. |
| Group | Within a domain | A collection of users. Role assignments on a group apply to all members. |
| Role | Assignment | Named permission set. Common roles: admin, member, reader. |
| Token | Session | A scoped, time-limited bearer credential issued after successful authentication. |
| Service Catalog | Token payload | Lists every Xloud service endpoint available to the authenticated user in the current scope. |
Role Hierarchy
Role Hierarchy
Xloud Identity ships with three built-in roles:
| Role | Capability |
|---|---|
admin | Full management rights within the assigned scope (project or domain). Can create, modify, and delete all resources. |
member | Standard user. Can create and manage resources within the project. Cannot manage users or quotas. |
reader | Read-only access. Cannot create or modify any resource. Suitable for monitoring and audit use cases. |
Next Steps
Identity Admin Guide
Configure LDAP, federation, token policies, and security hardening for your Xloud Identity deployment.
Authentication & CLI
Source credentials and configure the
openstack CLI for your environment.