mirror of https://github.com/minio/docs.git synced 2025-08-08 01:43:18 +03:00
docs/source/administration/identity-access-management/minio-identity-management.rst
Ravind Kumar 1cfda2e9dc RELEASE: Multiple Issues (#647)
Closes #639 
Closes #635 
Partially Addresses #590 

- MINIO #16026 https://github.com/minio/minio/pull/16026
- MINIO #16044 https://github.com/minio/minio/pull/16044
- MINIO #16035 https://github.com/minio/minio/pull/16035
- CONSOLE #2428 https://github.com/minio/console/pull/2428

Other Fixes:

- Removes admonition about IDP interactions (multi-IDP support)
- Update Console screenshots and overview page to cover layout changes
- Partial fix for DOCS #590 (Policy now under Identity section)
2022-11-23 14:51:47 -05:00

2.1 KiB

MinIO Identity Management


MinIO includes a built-in IDentity Provider (IDP) that provides core identity management functionality. The MinIO IDP supports creating an arbitrary number of long-lived users on the deployment for supporting client authentication.

Each user consists of a unique access key (username) and corresponding secret key (password). Clients must authenticate their identity by specifying both a valid access key (username) and the corresponding secret key (password) of an existing MinIO user.

Administrators use the mc admin user command to create and manage MinIO users. The MinIO Console <console> provides a graphical interface for creating users.

MinIO also supports creating access keys <minio-idp-service-account>. Access keys are child identities of an authenticated parent user and inherit their permissions from the parent.

MinIO by default denies access to all actions or resources not explicitly allowed by a user's assigned or inherited policies <minio-policy>. You must either explicitly assign a policy <minio-policy> describing the user's authorized actions and resources or assign the user to groups <minio-groups> which have associated policies. See minio-access-management for more information.
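The following added example is a simplified model of the deny-by-default behaviour described above. It is not MinIO's own code, and it covers only allow statements. The users, groups, access keys and policy names are constructed sample data, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample data (assumption): policy name -> list of
# (action pattern, resource pattern) allow statements.
POLICIES = {
    "readonly": [("s3:GetObject", "arn:aws:s3:::*")],
    "reports-write": [("s3:PutObject", "arn:aws:s3:::reports/*")],
}
# Users with directly assigned policies; bob has none.
USERS = {"alice": ["readonly"], "bob": []}
# Groups carry their own policies, which members inherit.
GROUPS = {"analysts": {"members": {"alice"}, "policies": ["reports-write"]}}
# Access keys are child identities: access key -> parent user.
ACCESS_KEYS = {"AKEXAMPLE1": "alice", "AKEXAMPLE2": "bob"}


def effective_policies(identity):
    """Return the policy names that apply to a user or access key."""
    # An access key has no permissions of its own in this model;
    # it resolves to its parent user.
    user = ACCESS_KEYS.get(identity, identity)
    if user not in USERS:
        return set()  # unknown identity: nothing applies
    names = set(USERS[user])
    for group in GROUPS.values():
        if user in group["members"]:
            names.update(group["policies"])
    return names


def is_allowed(identity, action, resource):
    """Allow only if an assigned or inherited policy matches."""
    for name in effective_policies(identity):
        for action_pat, resource_pat in POLICIES.get(name, []):
            if fnmatchcase(action, action_pat) and fnmatchcase(resource, resource_pat):
                return True
    return False  # default deny: no explicit allow was found


if __name__ == "__main__":
    obj = "arn:aws:s3:::reports/q3.csv"
    for who in ("alice", "bob", "AKEXAMPLE1", "AKEXAMPLE2"):
        for action in ("s3:GetObject", "s3:PutObject"):
            print(who, action, is_allowed(who, action, obj))
```

In this model, bob and the access key created under bob are denied every request until a policy is assigned to bob directly or through a group.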

External Identity Management

MinIO supports external management of identities using either an OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP). For more information, see:

  • minio-external-identity-management-openid
  • minio-external-identity-management-ad-ldap

Enabling external identity management disables the MinIO internal IDP, with the exception of creating access keys <minio-idp-service-account>.
