Learn about the different types of identities that can be managed from your OVHcloud account.
Requirements
Instructions
Understanding identities
Several types of identities can interact with OVHcloud products:
OVHcloud account
This is the primary identity used to log in to the OVHcloud Control Panel. The OVHcloud account can also be referred to as a NIC or NIC-handle in the documentation.
This identity acts as a root account and cannot have its rights restricted, regardless of the access policies implemented.
Local users
Local users are identities associated with your OVHcloud account. These accounts are designed for human interaction with OVHcloud products, as they are based on login/password authentication, and access rights depend on the IAM policies implemented.
The configuration of local users is detailed in the dedicated documentation.
You can also use them to log in to the OVHcloud APIs by generating a token associated with the user. The rights of this token can be limited to a specific scope in addition to IAM policies.
For an application based on a token linked to a local user to use an OVHcloud API, the token must integrate it within its scope AND for the user who created the token to have rights on this API.
Local users can also be referred to as sub-users in the documentation.
Service accounts
Service accounts are identities associated with your OVHcloud account. These accounts are designed for machine interactions with OVHcloud products, as they are based on client/token authentication, and access rights depend on the IAM policies implemented.
The creation of service accounts is covered in dedicated documentation.
A service account can then be used for login on OVHcloud APIs as well as on third-party APIs such as those exposed by OpenStack.
Logging in with service accounts is not yet supported on SDKs and Terraform providers.
Federated users
These are user accounts from an identity federation. These users come from a third-party directory and are therefore not managed directly by OVHcloud. Their access rights depend on the IAM policies implemented.
Federated users are represented by user groups in rights management.
User groups
The different identities can be associated in user groups to make them easier to manipulate. Configuring user groups is covered in the local users management documentation.
Go further
For more information and tutorials, please see our other User Management & Federation or Manage and Operate guides, or explore the guides for other OVHcloud products and services.