mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00
docs/source/administration/identity-access-management/minio-identity-management.rst
2023-11-17 11:07:24 -05:00


.. _minio-internal-idp:

=========================
MinIO Identity Management
=========================

.. default-domain:: minio

.. contents:: Table of Contents
   :local:
   :depth: 2

MinIO includes a built-in IDentity Provider (IDP) that provides core identity
management functionality. The MinIO IDP supports creating an arbitrary number of
long-lived users on the deployment for supporting client authentication.

Each user consists of a unique access key (username) and corresponding secret
key (password). Clients must authenticate their identity by specifying both
a valid access key (username) and the corresponding secret key (password) of
an existing MinIO user.

Administrators use the :mc:`mc admin user` command to create and manage
MinIO users. The :minio-git:`MinIO Console <console>` provides a graphical
interface for creating users.

MinIO also supports creating :ref:`access keys
<minio-idp-service-account>`. Access Keys are child identities of an
authenticated parent user and inherit their permissions from the parent.

MinIO by default denies access to all actions or resources not explicitly
allowed by a user's assigned or inherited :ref:`policies <minio-policy>`. You
must either explicitly assign a :ref:`policy <minio-policy>` describing the
user's authorized actions and resources *or* assign the user to :ref:`groups
<minio-groups>` which have associated policies. See
:ref:`minio-access-management` for more information.

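The following Python model is an added illustration, not MinIO code and not part of the original documentation. It shows how the rules above combine: an identity starts with no access, gains it only through policies attached directly or through groups, and an access key resolves to its parent user's policies. The user, group, policy, and bucket names are constructed, only ``Allow`` statements are evaluated, and ``fnmatch`` wildcards stand in for the server's own resource matching.

```python
from fnmatch import fnmatchcase

# Constructed sample data; every name below is hypothetical.
POLICIES = {
    "app-read": [{"Effect": "Allow",
                  "Action": ["s3:GetObject", "s3:ListBucket"],
                  "Resource": ["arn:aws:s3:::reports",
                               "arn:aws:s3:::reports/*"]}],
    "ingest-write": [{"Effect": "Allow",
                      "Action": ["s3:PutObject"],
                      "Resource": ["arn:aws:s3:::ingest/*"]}],
}
GROUPS = {"ingesters": ["ingest-write"]}        # group -> policy names
USERS = {
    "alice": {"policies": ["app-read"], "groups": ["ingesters"]},
    "bob": {"policies": [], "groups": []},      # created, nothing assigned
}
ACCESS_KEYS = {"alice-ci-key": "alice"}         # access key -> parent user


def effective_policies(identity):
    """Policy names for a user, or for an access key via its parent user."""
    user = USERS.get(ACCESS_KEYS.get(identity, identity))
    if user is None:
        return set()                            # unknown identity
    names = set(user["policies"])               # directly assigned
    for group in user["groups"]:
        names.update(GROUPS.get(group, []))     # inherited from groups
    return names


def is_allowed(identity, action, resource):
    """True only if some effective policy explicitly allows the request."""
    for name in effective_policies(identity):
        for stmt in POLICIES[name]:
            if (stmt["Effect"] == "Allow"
                    and any(fnmatchcase(action, a) for a in stmt["Action"])
                    and any(fnmatchcase(resource, r)
                            for r in stmt["Resource"])):
                return True
    return False                                # default deny


def without_policies():
    """Identities that can authenticate but are denied every action."""
    return sorted(i for i in [*USERS, *ACCESS_KEYS]
                  if not effective_policies(i))
```

Running ``without_policies()`` over an export of a deployment's users and groups is a quick way to spot accounts that were created but never granted anything.
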
.. admonition:: External Identity Management
   :class: note

   MinIO supports external management of identities using either an
   OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP).
   For more information, see:

   - :ref:`minio-external-identity-management-openid`
   - :ref:`minio-external-identity-management-ad-ldap`

   AD/LDAP and OIDC configurations are mutually exclusive.
   Furthermore, enabling AD/LDAP external identity management disables the MinIO internal IDP, with the exception of creating :ref:`access keys
   <minio-idp-service-account>`.
   You can configure multiple OIDC providers while maintaining MinIO-managed users.

.. toctree::
   :titlesonly:
   :hidden:

   /administration/identity-access-management/minio-user-management.rst
   /administration/identity-access-management/minio-group-management.rst