minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-04-25 17:22:39 +03:00
Code
docs/source/security/iam-overview.rst
Ravind Kumar ea01909527 SDK import, Nav cleanups, DOCS-417
2022-02-08 16:38:35 -05:00

2.8 KiB
Raw Permalink Blame History

Identity and Access Management

minio

Table of Contents

MinIO requires clients authenticate using AWS Signature Version 4 protocol <sig-v4-authenticating-requests.html> with support for the deprecated Signature Version 2 protocol. Specifically, clients must authenticate by presenting a valid access key and secret key to access any S3 or MinIO administrative API, such as PUT, GET, and DELETE operations. S3-compatible SDKs, including those provided by MinIO, typically include built-in helpers for creating the necessary signatures using an access key and secret key.

MinIO supports both internal and external identity management:

IDentity Provider (IDP) Description
MinIO Internal IDP <minio-internal-idp> Provides built-in identity management functionality.
OpenID <minio-external-identity-management-openid> Supports managing identities through an OpenID Connect (OIDC) compatible service.
Active Directory / LDAP <minio-external-identity-management-ad-ldap> Supports managing identities through an Active Directory or LDAP service.

Once authenticated, MinIO either allows or rejects the client request depending on whether or not the authenticated identity is authorized to perform the operation on the specified resource.

MinIO uses Policy-Based Access Control (PBAC) to define the authorized actions and resources to which an authenticated user has access. Each policy describes one or more actions <minio-policy-actions> and conditions <minio-policy-conditions> that outline the permissions of a user <minio-users> or group <minio-groups> of users. By default, MinIO denies access to actions or resources not explicitly referenced in a user's assigned or inherited policies. MinIO manages the creation and storage of policies and does not support external authorization management.

MinIO PBAC is built for compatibility with AWS IAM policy syntax, structure, and behavior. The MinIO documentation makes a best-effort to cover IAM-specific behavior and functionality. Consider deferring to the IAM documentation <> for more complete documentation on IAM, IAM policies, or IAM JSON syntax.

/security/minio-identity-management/basic-authentication-with-minio-identity-provider /security/openid-external-identity-management/external-authentication-with-openid-identity-provider /security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider