I am excited to announce the introduction and initial rollout of single sign-on across all our services, including our OpenStack public cloud. Our customers have requested this feature for a very long time, and we're finally able to deliver it to all of them and provide the best possible interaction and service through our cloud.
A lot had to be done behind the scenes to make this feature possible - I'll dive into the whole process in this blog post. However, let me begin by summarizing how customer access used to function previously:
- Every user in our service had access only to a single public cloud account
- The credentials for OpenStack and our billing/customer area were different
- It was not possible to have a user with multiple OpenStack projects
- A user couldn't have access to different OpenStack projects
This system was not ideal, and it caused a lot of confusion to our customers - especially the different sets of credentials. It also meant that some of our customers had to open multiple accounts to have multiple, distinct OpenStack projects.
Starting today, we are rolling out our 'single sign-on infrastructure,' which will allow users to move towards a more secure model by default and remove all the concerns mentioned above. With the new infrastructure:
- There are no "OpenStack" and "customer area" credentials. You will simply use your "customer area" credentials to log in directly to OpenStack.
- There are two distinct resources, an "account" and a "user." An "account" can have many "users," with one being the account owner.
- You may invite other users into your account. Once they accept the invite, they can use your project even with their own credentials.
- A user may have access to multiple accounts.
- You can log in to OpenStack Horizon with your customer area credentials.
The above additions introduce a vast number of advantages. Firstly, you can have multiple OpenStack projects within a single account. You may also have multiple users inside those accounts. Also, those users can access the projects using their own credentials.
For example, if you have a team of five members, all of them can create their own user profiles, and the account owner can invite them all to manage the specific account on behalf of the team. Additionally, the same five users can also log in to different accounts they are invited to, or their own personal accounts.
This change means that all web-facing authentications are now using OpenID connect, and all authentications and authorizations are being handled by it. Hence, we strongly recommend using application credentials for Machine and CLI access when you create an account. Those credentials can easily be revoked, and they can even have expiration dates on them.
The legacy option of logging in via an existing username and password is still available via Horizon. However, we strongly recommend that you begin logging in using "VEXXHOST ID" as eventually, this will be the primary means of authentication. If you have a team that was sharing credentials, it's probably best for them all to create separate accounts and for you to invite them into it so they can log in with their own credentials and manage as needed.
I'm super excited that this feature has finally been rolled out for our customers - there's so much more to come in terms of improving user experience and interaction with our public cloud. So, stay tuned for future updates. I also want to extend a big thank you to our customers who have helped us nail down those use cases from their usage patterns and to our team to build out the necessary infrastructure to make this feature possible!
VEXXHOST Cloud Solutions
As a reputed IaaS provider, we ensure that our clients get the best cloud solutions and this new step of single sign-on is testament to that. At VEXXHOST, we provide cloud solutions for a multitude of clients worldwide. We provide OpenStack-based clouds, including public clouds and dedicated and highly secure private cloud environments, ensuring utmost security and agility.
Take advantage of our limited-time deal just to set up a one-time, OpenStack-based private cloud deployment - at 50% off! The cloud will be running on the latest OpenStack release, Wallaby, which allows you to run Kubernetes and VMs in the same environment, and can be deployed in your own data centers with your hardware. Furthermore, all these will be deployed and tested in under a month!
What are you waiting for? Learn more!