AIStor Identity Management
AIStor supports multiple identity providers for authenticating users and applications. You can use the built-in identity management system, integrate with external identity providers, or combine multiple providers to support different groups of users.
See Identity and Access Management for an overview of how identity and access control work together in AIStor.
Identity providers
AIStor supports the following identity providers:
| Provider | Description |
|---|---|
| Built-in | Manage users and groups directly within AIStor using access key and secret key credentials. |
| OpenID Connect (OIDC) | Integrate with OIDC-compatible identity providers such as Okta, Auth0, Keycloak, or Google. |
| Active Directory/LDAP | Authenticate users against Active Directory or LDAP directory services. |
| Authentication plugin | Implement custom authentication logic with an external identity management plugin. |
Multiple identity providers
AIStor supports configuring multiple identity providers simultaneously. You can implement built-in user management together with one or more external identity providers to support different user groups or authentication requirements.
AIStor supports using any combination of the following providers:
| Provider Type | Multiple Allowed | Notes |
|---|---|---|
| Built-in users | N/A | Always available for direct S3 access |
| AD/LDAP | Yes | Each with a unique configuration name |
| OpenID (role-based) | Yes | Each with a unique Role ARN |
| OpenID (claim-based) | One only | Can combine with role-based providers |
| Authentication plugins | Yes | External authentication services |