Manage Users

Overview

User accounts in Xloud Identity represent individual humans or service identities that authenticate against the platform. Each user belongs to a domain, can be a member of multiple projects with different roles, and can hold application credentials for non-interactive access. This guide covers creating users, assigning roles, and managing the full user lifecycle.

Prerequisites

An active Xloud account with appropriate permissions
Access to the Xloud Dashboard (https://connect.<your-domain>) or CLI configured with credentials
API credentials sourced (source admin-openrc.sh)

Create a User

Dashboard
CLI

Open User Management

Log in to the Xloud Dashboard (https://connect.<your-domain>) and navigate to Identity → Users. Click Create User.

Configure the user

Field	Description
Username	Login identifier. Must be unique within the domain.
Email	Used for password reset and notifications.
Password	Initial password. Communicate securely to the user.
Primary Project	Default project context on login.
Enabled	Must be toggled on for the user to authenticate.

Submit the form

Click Create User. The new account appears immediately in the user list.

The user can now authenticate using their credentials.

Authenticate

Source your credentials file to authenticate with the Xloud platform:

Load credentials

source admin-openrc.sh

Download the OpenRC file from Xloud Dashboard → Project → API Access → Download OpenStack RC File.

Create the user

Create user with password prompt

openstack user create \
  --domain Default \
  --project backend-prod \
  --password-prompt \
  --email alice@example.com \
  alice

The --password-prompt flag avoids exposing the password in shell history. The CLI will interactively prompt for the password securely.

Verify user creation

Show user details

openstack user show alice

The output shows enabled: True — the user is active and can authenticate.

Assign Roles to Users

Roles determine what a user can do within a project. Assign the minimum role necessary for the user’s responsibilities.

Dashboard
CLI

Navigate to Identity → Projects, open the target project, and select the Members tab. Click Add Member, select the user, and select a role.

Role	Capability
`admin`	Full project administration — manage resources, users, and quotas
`member`	Standard access — create and manage resources within the project
`reader`	Read-only — suitable for monitoring, auditing, and dashboards

Assign member role to user in project

openstack role add \
  --project backend-prod \
  --user alice \
  member

List all role assignments for a user

openstack role assignment list \
  --user alice \
  --names

Grant reader access to another project

openstack role add \
  --project monitoring \
  --user alice \
  reader

A user can hold different roles in different projects simultaneously. The token scope determines which role is active for each API request.

Update User Accounts

Dashboard
CLI

Open a user in Identity → Users and click Edit User to modify their email, primary project, or enabled state. Use Change Password to set a new password.

openstack user set --email newemail@example.com alice

Deleting a user does not delete resources they own. Orphaned instances, volumes, and networks must be reassigned or cleaned up manually before removing the account.

List and Audit Users

Regularly review active user accounts and role assignments as part of access governance.

List all users in the Default domain

openstack user list --domain Default

List all users with their enabled status

openstack user list -c Name -c Enabled

Audit all role assignments across all projects

openstack role assignment list --names

Run quarterly access reviews using openstack role assignment list --names to identify accounts with elevated roles that may no longer be required.

Next Steps

Projects

Create projects and manage team membership with role assignments.

Application Credentials

Create non-interactive credentials for automation pipelines and CI/CD systems.

Multi-Factor Authentication

Enable TOTP-based two-factor authentication for enhanced user account security.

Troubleshooting

Resolve authentication failures, permission errors, and token scope issues.

Core Services

Other Services

Manage Users

Overview

Create a User

Open User Management

Configure the user

Submit the form

Authenticate

Create the user

Verify user creation

Assign Roles to Users

Update User Accounts

List and Audit Users

Next Steps

Projects

Application Credentials

Multi-Factor Authentication

Troubleshooting

Core Services

Other Services

​Overview

​Create a User

Open User Management

Configure the user

Submit the form

Authenticate

Create the user

Verify user creation

​Assign Roles to Users

​Update User Accounts

​List and Audit Users

​Next Steps

Projects

Application Credentials

Multi-Factor Authentication

Troubleshooting

Overview

Create a User

Assign Roles to Users

Update User Accounts

List and Audit Users

Next Steps