Managing identity providers

Besides creating local users manually, you can add users from external identity providers and automatically map them to local domain groups. User authentication is based on the Implicit Flow of the OpenID Connect (OIDC) protocol.

Users imported from identity providers are called federated users, that is, users shared between different identity management systems. Unlike local users, federated users do not have credentials set in Virtuozzo Hybrid Infrastructure. They log in to the admin or self-service panels by using their credentials from the primary identity management system. The set of actions available to federated users is defined by the roles you assign to their local domain groups.

Limitations

  • Only Microsoft Active Directory Federation Services (AD FS) identity providers are supported.
  • When federated users are removed by their identity provider, they are not automatically deleted from the infrastructure.
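
Because of the second limitation, federated accounts removed at the identity provider have to be found and deleted manually. The following added example (not part of the product documentation or tooling) reconciles a list of federated users against the identity provider's current user list, and goes one step further by also flagging accounts that are disabled at the identity provider. It assumes both lists are available as CSV text; the column names and sample rows are hypothetical.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not a product format.
INFRA_FEDERATED_CSV = """name,domain_group
alice@corp.example,cloud-admins
Bob@Corp.Example ,project-members
carol@corp.example,project-members
dave@corp.example,cloud-admins
"""
IDP_USERS_CSV = """userPrincipalName,enabled
alice@corp.example,true
bob@corp.example,true
carol@corp.example,false
"""


def _norm(identity):
    """Compare identities case-insensitively and ignore stray whitespace."""
    return identity.strip().casefold()


def find_stale_federated_users(infra_csv, idp_csv):
    """Return (name, domain_group, reason) for users without an active IdP identity."""
    idp_enabled = {
        _norm(row["userPrincipalName"]): row["enabled"].strip().casefold() == "true"
        for row in csv.DictReader(io.StringIO(idp_csv))
    }
    stale = []
    for row in csv.DictReader(io.StringIO(infra_csv)):
        key = _norm(row["name"])
        if key not in idp_enabled:
            reason = "removed_at_idp"      # the case named in the limitation
        elif not idp_enabled[key]:
            reason = "disabled_at_idp"     # still present at the IdP, but disabled
        else:
            continue
        stale.append((key, row["domain_group"].strip(), reason))
    # Removed accounts first, then by group, so role-bearing groups stand out.
    return sorted(stale, key=lambda s: (s[2] != "removed_at_idp", s[1], s[0]))


if __name__ == "__main__":
    for entry in find_stale_federated_users(INFRA_FEDERATED_CSV, IDP_USERS_CSV):
        print("\t".join(entry))
```

Each reported account still belongs to a local domain group with assigned roles, so review the list and delete the entries that should no longer exist.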