MinIO Identity Management
MinIO includes a built-in IDentity Provider (IDP) that provides core identity management functionality. The MinIO IDP supports creating an arbitrary number of long-lived users on the deployment for supporting client authentication.
Each user consists of a unique access key (username) and corresponding secret key (password). Clients must authenticate their identity by specifying both a valid access key (username) and the corresponding secret key (password) of an existing MinIO user.
Administrators use the mc admin user command to create and manage MinIO users. The MinIO Console provides a graphical interface for creating users.

MinIO also supports creating access keys. Access keys are child identities of an authenticated parent user and inherit their permissions from the parent.

MinIO by default denies access to all actions or resources not explicitly allowed by a user's assigned or inherited policies. You must either explicitly assign a policy describing the user's authorized actions and resources, or assign the user to groups which have associated policies. See minio-access-management for more information.
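The deny-by-default rule and the parent/child inheritance described above, as an added illustration (not MinIO's own code): a minimal evaluator for IAM-style JSON policies that models only Effect, Action and Resource with "*" wildcards, the explicit-Deny-wins rule, and a child access key that takes its permissions from its parent. The policy document and the user names are constructed for the example.

```python
# Added illustration of MinIO's policy semantics, not MinIO's own code:
# no matching Allow => denied; any matching Deny => denied; access keys
# (service accounts) evaluate against their parent user's policies.
from fnmatch import fnmatchcase
from typing import List, Optional

# Constructed sample policy: read-only access to the "logs" bucket,
# with an explicit Deny on one prefix to show that Deny beats Allow.
LOGS_READONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::logs", "arn:aws:s3:::logs/*"]},
        {"Effect": "Deny",
         "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::logs/secret/*"]},
    ],
}

def _as_list(value) -> List[str]:
    return value if isinstance(value, list) else [value]

def _matches(patterns: List[str], value: str) -> bool:
    # IAM-style wildcard matching: "*" spans any characters, "?" one.
    return any(fnmatchcase(value, p) for p in patterns)

def is_allowed(policies: List[dict], action: str, resource: str) -> bool:
    """Deny by default; an explicit Deny overrides any Allow."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if (_matches(_as_list(stmt["Action"]), action)
                    and _matches(_as_list(stmt["Resource"]), resource)):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

class Identity:
    """A MinIO user, or an access key when `parent` is set."""
    def __init__(self, access_key: str, policies: Optional[List[dict]] = None,
                 parent: Optional["Identity"] = None):
        self.access_key = access_key
        self.policies = policies or []
        self.parent = parent

    def effective_policies(self) -> List[dict]:
        # Access keys are child identities: permissions come from the parent.
        return self.parent.effective_policies() if self.parent else self.policies

    def can(self, action: str, resource: str) -> bool:
        return is_allowed(self.effective_policies(), action, resource)
```

A user with no attached policy and no group membership therefore fails every check, and an access key created for that user inherits the same empty permission set.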
External Identity Management
MinIO supports external management of identities using either an OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP). For more information, see:
minio-external-identity-management-openid
minio-external-identity-management-ad-ldap
AD/LDAP and OIDC configurations are mutually exclusive. Furthermore, enabling AD/LDAP external identity management disables the MinIO internal IDP, with the exception of creating access keys. You can configure multiple OIDC providers while maintaining MinIO-managed users.