Closes #639
Closes #635
Partially Addresses #590

- MINIO #16026 https://github.com/minio/minio/pull/16026
- MINIO #16044 https://github.com/minio/minio/pull/16044
- MINIO #16035 https://github.com/minio/minio/pull/16035
- CONSOLE #2428 https://github.com/minio/console/pull/2428

Other Fixes:

- Removes admonition about IDP interactions (multi-IDP support)
- Update Console screenshots and overview page to cover layout changes
- Partial fix for DOCS #590 (Policy now under Identity section)
MinIO Identity Management
MinIO includes a built-in IDentity Provider (IDP) that provides core identity management functionality. The MinIO IDP supports creating an arbitrary number of long-lived users on the deployment for supporting client authentication.
Each user consists of a unique access key (username) and corresponding secret key (password). Clients must authenticate their identity by specifying both a valid access key (username) and the corresponding secret key (password) of an existing MinIO user.
Administrators use the mc admin user command to create and manage MinIO users. The MinIO Console <console> provides a graphical interface for creating users.
MinIO also supports creating access keys <minio-idp-service-account>. Access Keys are child identities of an authenticated parent user and inherit their permissions from the parent.
MinIO by default denies access to all actions or resources not explicitly allowed by a user's assigned or inherited policies <minio-policy>. You must either explicitly assign a policy <minio-policy> describing the user's authorized actions and resources or assign the user to groups <minio-groups> which have associated policies. See minio-access-management for more information.
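The default-deny evaluation described above, modeled as an added Python example (not MinIO's code and not part of the original page). All user, group, policy, access key and bucket names are constructed, and treating an explicit Deny as overriding any Allow is an assumption taken from IAM-style policy semantics rather than from this page.

```python
from fnmatch import fnmatchcase

# Constructed sample data: every name below is illustrative, not from MinIO.
POLICIES = {
    "readonly-reports": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]},
    ],
    "ingest-writer": [
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": ["arn:aws:s3:::ingest/*"]},
    ],
}
USER_POLICIES = {"alice": ["readonly-reports"], "bob": []}  # directly assigned
GROUP_POLICIES = {"pipeline": ["ingest-writer"]}            # attached to groups
GROUP_MEMBERS = {"pipeline": {"alice"}}
ACCESS_KEY_PARENT = {"AKEXAMPLEALICE01": "alice"}           # access key -> parent user


def resolve_user(identity):
    """An access key acts as its parent user; a user acts as itself."""
    return ACCESS_KEY_PARENT.get(identity, identity)


def effective_policies(identity):
    """Directly assigned policies plus those inherited through group membership."""
    user = resolve_user(identity)
    names = list(USER_POLICIES.get(user, []))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            names.extend(GROUP_POLICIES.get(group, []))
    return names


def is_allowed(identity, action, resource):
    """Default deny: True only if some statement explicitly allows the request."""
    allowed = False
    for name in effective_policies(identity):
        for stmt in POLICIES.get(name, []):
            hit = (any(fnmatchcase(action, a) for a in stmt["Action"])
                   and any(fnmatchcase(resource, r) for r in stmt["Resource"]))
            if not hit:
                continue
            if stmt["Effect"] == "Deny":  # assumption: explicit Deny wins
                return False
            allowed = True
    return allowed
```

A user with no assigned policy and no group membership (`bob` here) is denied every request, which is the state of any newly created user until a policy or group is attached.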
External Identity Management
MinIO supports external management of identities using either an OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP). For more information, see:
minio-external-identity-management-openid
minio-external-identity-management-ad-ldap
Enabling external identity management disables the MinIO internal IDP, with the exception of creating access keys <minio-idp-service-account>.
/administration/identity-access-management/minio-user-management.rst /administration/identity-access-management/minio-group-management.rst