1.8. Viewing the list of OpenStack Identity domains and users

Use the openstack domain list command to list the available entries. Configuring multiple domains in Identity Service enables a new Domain field in the dashboard login page. Users are expected to enter the domain that matches their login credentials.


After you complete the integration, you need to decide whether to create new projects in the Default domain or in newly created keystone domains. You must consider your workflow and how you administer user accounts. If possible, use the Default domain as an internal domain to manage service accounts and the admin project, and keep your external users in a separate domain.

In this example, external accounts need to specify the LAB domain. The built-in keystone accounts, such as admin, must specify Default as their domain.


  1. Show the list of domains:

    # openstack domain list
    | ID                               | Name    | Enabled | Description                                                          |
    | 6800b0496429431ab1c4efbb3fe810d4 | LAB     | True    |                                                                      |
    | default                          | Default | True    | Owns users and projects available on Identity API v2. |
  2. Show the list of users in a specific domain. This command example specifies the --domain LAB and returns users in the LAB domain that are members of the grp-openstack group:

    # openstack user list --domain LAB

    You can also append --domain Default to show the built-in keystone accounts:

    # openstack user list --domain Default