IAM

IAM mainly includes authentication sources, domains, projects, groups, users, permissions, roles, and other information.

The relationships among domains, projects, and users in the cloud management platform are shown in the following figure.

  • The cloud management platform supports multiple domains. The default domain is default, and you can create domains according to your needs.
  • A domain contains multiple projects and multiple users. Users can only join projects in the corresponding domain (except system projects).
  • A user can join multiple projects and use the resources in different projects by switching projects.

Identity Provider

The OneCloud platform supports managing multiple identity providers, such as LDAP, Dingtalk, Lark, WeCom, etc. It also supports signing in to the OneCloud platform through third-party applications, for example by scanning a code.

Domains

A domain is the logical unit of multi-tenancy in the cloud management platform. Each domain is a complete, logically autonomous unit.

Projects

A project is the owner of resources. Resources on the OneCloud platform are provided to users through projects.

Groups

A group is a collection of users of the same kind.

Users

Users are the administrators and direct users of resources.

Roles

A role is a set of permissions. The role a user has when joining a project determines the permissions the user has in the project.

Policies

Policies define the rights to operate on resources on the platform.