User management with OpenStack
OpenStack provides native support for user management through the OpenStack Keystone component. The IBM® Cloud Manager - Self Service interface has its own user management system as well. To make the system compatible and secure, the system is configured to be integrated.
When you first connect to an OpenStack cloud, IBM Cloud Manager - Self Service component imports all the user and tenant accounts that exist in OpenStack. All user roles and project membership are accepted and reflected in the IBM Cloud Manager - Self Service component.
When user management operations take place, the IBM Cloud Manager - Self Service component listens for events that are generated by these actions and takes immediate action to keep the systems in sync. For more information, see http://docs.openstack.org/developer/keystone/event_notifications.html.
To connect to OpenStack, IBM Cloud Manager - Self Service uses a service user account and a default service tenant. Some installations of OpenStack have user accounts specific to OpenStack components (for example, Nova, Keystone or Neutron). These and other service user accounts or service tenants in an OpenStack server that do not represent an actual user account or tenant, can be added to the list of service users and service tenants. By doing so, they are ignored by IBM Cloud Manager with OpenStack and those service users are not allowed to log in to IBM Cloud Manager - Self Service. To make this change, add the service users and tenants to the comma-separated list of users in the com.ibm.cfs.cloud.openstack.service.users property, or the comma-separated list of tenants in the com.ibm.cfs.cloud.openstack.service.tenants property, within the openstack.properties file.