Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

2.5. Identity

This section outlines the top new features for the Identity service.
Documentation - Keystone Federation with RH-SSO
Detailed documentation for director-based deployments of Identity Service (keystone) backed by Red Hat Single Sign On. This guide describes SAML-based federation and uses Red Hat Single Sign-On (RH-SSO) as the external identity provider: Federate with Identity Service
Domain-Specific Roles
Allows role definition to be limited to a specific domain, or a project with a domain. Domain-specific roles grant you more granular control when defining rules for roles, allowing the roles to act as aliases for the existing prior roles.
Implied Roles
Implied roles means that your role assignments are processed cumulatively. For example, if a user has the admin role on a project, they would also be a _member_ of that project, even though the _member_ role was not explicitly assigned. This is because an inference rule can be set saying that assignment of one role implies the assignment of another. This feature is expected to make role management much easier for admins.