Managing users and groups

Enterprise DC/OS Updated: June 13, 2017

Enterprise DC/OS can manage two types of users:

  • Local: local user accounts exist only in DC/OS.

  • External: DC/OS stores only the user’s ID or user name, along with other DC/OS-specific information, such as permissions and group membership. DC/OS never receives or stores the passwords of external users. Instead, it delegates the verification of the user’s credentials to one of the following: LDAP directory, SAML, or OpenID Connect.

Enterprise DC/OS also allows you to create groups of users and import groups of users from LDAP. Groups can make it easier to manage permissions. Instead of assigning permissions to each user account individually, you can assign the permissions to an entire group of users at once.

Importing groups from LDAP makes it easier to add external users.

Adding local users

Adding local users by using the GUI Log in as a user with the superuser permission. Select Organization > Users and create a new user. Type in the user’s full name, username,...

Adding external users

After you have configured a directory service or an identity provider, you can add the users to DC/OS so that you can assign permissions. Prerequisites An external LDAP directory. ...

Resetting the Superuser

You can reset an existing user or create a new user with the DC/OS reset superuser script. This is helpful if the superuser account becomes locked or invalid. Prerequisite: You mus...