DC/OS Enterprise can manage two types of users:
Local: local user accounts exist only in DC/OS.
External: DC/OS stores only the user’s ID or user name, along with other DC/OS-specific information, such as permissions and group membership. DC/OS never receives or stores the passwords of external users. Instead, it delegates the verification of the user’s credentials to one of the following: LDAP directory, SAML, or OpenID Connect.
All users must have a unique identifier, i.e., a user ID or user name. Because DC/OS needs to pass the user’s name or ID in URLs, it cannot contain any spaces or commas. Only the following characters are supported: lowercase alphabet, uppercase alphabet, numbers,
DC/OS Enterprise also allows you to create groups of users and import groups of users from LDAP. Groups can make it easier to manage permissions. Instead of assigning permissions to each user account individually, you can assign the permissions to an entire group of users at once.
Importing groups from LDAP makes it easier to add external users.
Adding local users
Describes how to add a local user account. …Read More
Adding external users
Once you have configured a directory service or an identity provider, you should add the users to DC/OS so that you can assign them permissions. …Read More
Configuring Linux users for user services via Marathon app definition
Discusses what Linux user owns the sandbox and executes tasks by default and how to modify it. …Read More