Integration with Mirantis Container Cloud IAM

MOSK integrates with the Mirantis Container Cloud Identity and Access Management (IAM) subsystem to allow centralized management of users and their permissions across multiple clouds.

The core component of Container Cloud IAM is Keycloak, the open-source identity and access management software. Its primary function is to perform secure authentication of cloud users against its built-in identity database or various external ones, such as LDAP directories and OpenID Connect or SAML-compatible identity providers.

By default, every MOSK cluster is integrated with the Keycloak running in the Container Cloud management cluster. The integration automatically provisions the necessary configuration on the MOSK and Container Cloud IAM sides, such as the os client object in Keycloak. However, for federated users to get proper permissions after logging in, the cloud operator needs to define role mapping rules specific to each MOSK environment.

Connecting to Keycloak

Parameter: features:keystone:keycloak

Usage: Defines parameters to connect to the Keycloak identity provider.
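
The following fragment is an added example, not configuration taken from this page, showing where the features:keystone:keycloak parameter sits in the spec of the OpenStackDeployment custom resource. The keys under keycloak (enabled, url, oidc and the two mod_auth_openidc options), their values and the URL are assumptions that this page does not state; check them against the schema of your MOSK release.

```yaml
# Added example: fragment of an OpenStackDeployment custom resource.
# Everything below "keycloak:" is an assumption, not stated on this page.
spec:
  features:
    keystone:
      keycloak:
        enabled: true
        # Placeholder URL of the Keycloak instance (constructed value).
        url: https://keycloak.example.internal
        oidc:
          # mod_auth_openidc options that control whether Keystone validates
          # the TLS certificate presented by Keycloak. Leave validation on:
          # with "false", Keystone accepts any certificate on the connection
          # that carries OIDC metadata, tokens and user claims, so a host
          # impersonating Keycloak would go undetected.
          OIDCSSLValidateServer: true
          OIDCOAuthSSLValidateServer: true
```

If Keycloak uses a certificate from a private CA, add that CA to the trust store used by Keystone rather than turning validation off.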