Identity and access management

Identity and access management (IAM) provides a central point for managing users and their permissions on Docker Enterprise (DE) Container Cloud cluster resources in a granular and unified manner. IAM also provides the infrastructure for a single sign-on (SSO) user experience across all DE Container Cloud web portals.

IAM for DE Container Cloud consists of the following components:

Keycloak
  • Provides the OpenID Connect endpoint

  • Integrates with an external Identity Provider (IdP), for example, existing LDAP or Google Open Authorization (OAuth)

  • Stores role mappings for users

IAM controller
  • Provides the IAM API with data about DE Container Cloud projects

  • Handles all role-based access control (RBAC) components in the Kubernetes API

IAM API
  • Provides an abstraction API for creating user scopes and roles
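The following is an added illustration, not code from DE Container Cloud, of the kind of reconciliation an IAM controller performs when it turns role mappings held by the identity provider into Kubernetes RBAC objects. The role names, the mapping to ClusterRoles and the data shapes are assumptions made for the example.

```python
"""Model of turning IAM role mappings into Kubernetes RBAC RoleBindings.
Constructed illustration: data shapes and role names are assumptions, not the
DE Container Cloud IAM controller's real interfaces."""
from dataclasses import dataclass

# Assumed mapping from IAM role name to Kubernetes ClusterRole (constructed).
ROLE_TO_CLUSTERROLE = {"viewer": "view", "editor": "edit", "admin": "admin"}


@dataclass(frozen=True)
class Binding:
    namespace: str      # project namespace the binding lives in
    name: str           # RoleBinding name, e.g. "iam-alice-editor"
    user: str
    cluster_role: str


def desired_bindings(role_mappings):
    """role_mappings is {user: {project: iam_role}}, as an IdP would store it.
    Unknown roles are skipped (fail closed) rather than mapped to a default."""
    wanted = set()
    for user, projects in role_mappings.items():
        for project, iam_role in projects.items():
            cluster_role = ROLE_TO_CLUSTERROLE.get(iam_role)
            if cluster_role is None:
                continue
            wanted.add(Binding(project, f"iam-{user}-{iam_role}", user, cluster_role))
    return wanted


def reconcile(role_mappings, existing):
    """Return (to_create, to_delete) so Kubernetes matches IAM exactly.
    Deleting stale bindings matters most: a user removed from a project in the
    IdP must also lose the RoleBinding, or the revocation never takes effect."""
    wanted = desired_bindings(role_mappings)
    existing = set(existing)
    return wanted - existing, existing - wanted


def to_manifest(b):
    """Render a Binding as a RoleBinding manifest dict (no cluster needed)."""
    api = "rbac.authorization.k8s.io"
    return {"apiVersion": f"{api}/v1", "kind": "RoleBinding",
            "metadata": {"name": b.name, "namespace": b.namespace},
            "subjects": [{"kind": "User", "name": b.user, "apiGroup": api}],
            "roleRef": {"kind": "ClusterRole", "name": b.cluster_role, "apiGroup": api}}
```

The `to_delete` half of `reconcile` is what keeps a removal in the IdP from leaving a live RoleBinding behind in the cluster.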