Domain and local users

ECS supports for local user and domain users. Local and domain users can be assigned as management users or object users.

The ECS self-service capability authenticates domain users and enables domain users to create a secret key for themselves. When a domain user creates their own secret key, they become an object user in the ECS system. You can use AD and LDAP to give many users from an existing user database access to the ECS object store (as object users). Without creating each user individually.

NOTE: Domain users that are object users must be added (mapped) into a namespace. For more information, see Add domain users into a namespace.

ECS stores credentials of local users. The credentials for object users are global resources and are available from all VDCs in ECS.

Domain users are defined in an Active Directory AD or LDAP database. Domain usernames are defined by using the user@domain.com format. Usernames without @ are authenticated against the local user database. ECS uses an authentication provider to supply the credentials to communicate with the AD or LDAP server to authenticate a domain user login request. Domain users assigned to management roles can be authenticated against their AD or LDAP credentials to enable them to access ECS and perform ECS administration operations.

With single login sessions, Management users can switch between federated VDCs, except the Management users who have only Security Administrator role.