Create a VM Instance with a Local Sub-Account

This scenario introduces how to create a VM instance with a local sub-account. Follow these steps:
  1. The platform manager of ZStack Cloud (the admin) creates a local sub-account.
  2. (Optional) The admin modifies quotas for the local sub-account.
  3. The admin shares resources with the local sub-account.
  4. The local sub-account logs in to the Cloud.
  5. The local sub-account creates a VM instance.
  1. The platform manager of ZStack Cloud (the admin) creates a local sub-account.

    On the main menu of ZStack Cloud, choose Settings > Sub-Account Setting > Sub-Account Management. On the Sub-Account page, click Create Sub-Account. Then, the Create Sub-Account page is displayed.

    On the displayed page, set the following parameters:
    • Name: Enter a name for the local sub-account.
    • Description: Optional. Enter a description for the local sub-account.
    • Password: Enter a password for the local sub-account.
    • Confirm Password: Confirm the local sub-account password.
    • Pricing List: Optional. Select a pricing list. If left blank, the default pricing list is used.
    Figure 1. Create Local Sub-account


  2. The admin modifies quotas for the local sub-account.

    The Cloud assigns default resource quotas for each local sub-account. You can customize the quotas to fit your needs. To modify the quotas, navigate to the Sub-Account page and click on a sub-account to access its details page. Under the Sub-Account Quota section, you can see the resource quotas, or the upper resource limit, available to the sub-account. Select a resource type and adjust the quota as needed.

    Figure 2. Modify the Local Sub-Account Quotas


  3. The admin shares resources with the local sub-account.

    By default, the resources created by the admin, including instance offerings, images, and networks, are not shared with sub-accounts. For a sub-account to create a VM instance, the admin must first share these resources with the sub-account. Here is an example of how to share an instance offering, and the same steps can be followed for other resources.

    On the main menu of ZStack Cloud, choose Resource Center > Resource Pool > Compute Configuration > Instance Offering. On the Instance Offering page, locate an instance offering and choose Actions > Set Sharing Mode. Then select the target local sub-account and click OK. You will be able to see this instance offering when you create a VM instance with the local sub-account.

    Figure 3. Share Instance Offering using Admin


    Note: The admin can create various resources and selectively share them with different sub-accounts. This strategy enables efficient resource isolation among multiple accounts.
  4. The local sub-account logs in to the Cloud.

    Click the Logout button in the upper right corner of the browser to log out of the admin account. Then, log in to the Cloud using the newly created local sub-account.

    Figure 4. Sub-Account Login


    Upon logging in with the sub-account, the dashboard will display the available resource information for this account. This information is in line with the quotas managed by the admin.

    Figure 5. Dashboard of the Local Sub-Account


  5. The local sub-account creates a VM instance.
    After you log in to the Cloud with the local sub-account, you can create a VM instance following these steps: Choose Resource Center > Resource Pool > Virtual Resource > VM Instance. On the VM Instance page, click Create VM Instance and finish relevant configurations. For more information, refer to Create a VM Instance in User Guide.
    Note: When you use a sub-account to create a VM instance, you need to either use the admin account to share relevant resources including instance offerings, images, and networks, or create/upload new resources using the sub-account.
Now, you have learned how to create a VM instance with a local sub-account.

Create a VM Instance with an SSO Sub-Account

ZStack Cloud supports seamless access to OIDC authentication systems, allowing OIDC sub-accounts to log in to the Cloud without a password and manage cloud resources.

This scenario introduces how to create a VM instance with an OIDC sub-account. Before you begin, make sure you have added an OIDC authentication server to ZStack Cloud and synchronized its sub-account information. Then, follow these steps:
  1. The OIDC authentication system admin configures ZStack Cloud to be the client of the authentication system.
  2. The platform manager of ZStack Cloud (the admin) adds an OIDC authentication server to the Cloud.
  3. (Optional) The admin modifies quotas for an OIDC sub-account.
  4. The OIDC sub-account logs in to the Cloud without a password.
  5. The OIDC sub-account creates a VM instance.
  1. The OIDC authentication system admin configures ZStack Cloud to be the client of the authentication system.

    To configure ZStack Cloud as a client of the authentication system, you need to log in to the OIDC authentication system using the administrator account and generate a unique Client ID and a Client Secret for the Cloud.

  2. The admin adds an OIDC authentication server to the Cloud.
    Set the following parameters:
    • Name: Enter a name for the SSO server.
    • Description: Optional. Enter a description for the SSO server.
    • Type: Only supports OIDC Server. It is an SSO server that applies the OIDC protocol. It authenticates and authorizes SSO users to log in to the Cloud without a password and syncs user information to the Cloud based on the mapping rule.
    • Identity Provider: An IdP collects and stores user identity information, such as usernames and passwords, and authenticates users during login.
    • Redirect URL: The URL used to redirect back to the Cloud after authentication by the authentication server succeeds.
    • Redirect Template: The redirect template used to realize a password-free login inside the Cloud platform system. You can modify the IP address and port of this parameter when the Cloud is configured with a reverse proxy.
    • Client ID: Enter the unique ID that the authentication system assigns to the Cloud.
    • Client Secret: Enter the secret that the authentication system assigns to the Cloud.
    • Scope: The Scope is used to specify the scope of user attributes to be obtained when requesting an access token or ID token, such as name, email, phone number, and so on. After specifying the scope, the returned token will contain the corresponding attributes.
    • Authorization Request URL: Enter the request URL used to obtain an authorization grant in authorization code mode.
    • Token Request URL: Enter the request URL used to obtain an access token from the authentication server.
    • Userinfo Request URL: The request URL used to obtain the user information from the authentication server.
    • Logout URL: The URL used to terminate sessions on the authentication server after logging out of the Cloud. When logging in to the Cloud again, you need to authenticate with the authentication server again. If left blank, the login information will not be immediately cleared after logging out of the Cloud, and you can still log in to the Cloud without a password as long as the session is valid.
    • User Mapping Rule: The rule used to map the third-party attributes of a third-party user to local Cloud attributes. Through this rule, a third-party user has local user attributes after being synced to the Cloud.
      • Name: Specify a rule to map the attribute of OIDC users to the name of Cloud users. The name is the unique identification of a user. Make sure that the name you fill in is also a unique identifier in the authentication system.

        For example, if Name maps to username, the Name of the user created in the Cloud takes the value of username (such as Xiaoming).

      • Description: Optional. Specify a rule to map the attribute of OIDC users to the description of Cloud users.

        For example, if Description maps to description, the Description of the user created in the Cloud takes the value of description (such as dev-backend).

  3. (Optional) The admin modifies quotas for an OIDC sub-account.

    The Cloud assigns default resource quotas for each OIDC sub-account. You can customize the quotas to fit your needs. To modify the quotas, navigate to the Sub-Account page and click on a sub-account to access its details page. Under the Sub-Account Quota section, you can see the resource quotas, or the upper resource limit, available to the sub-account. Select a resource type and adjust the quota as needed.

    Figure 1. Modify the OIDC Sub-Account Quotas


  4. The OIDC sub-account logs in to the Cloud without a password.

    Once an OIDC authentication server is added to ZStack Cloud, a Password-free Login URL will be generated. The administrator of the business application system can configure this URL into the application system, such as a unified portal website. OIDC sub-accounts can then click on the corresponding application icon to log in to the Cloud without a password.

    Figure 2. Password-free Login URL


  5. The OIDC sub-account creates a VM instance.

    After you log in to the Cloud with the OIDC sub-account, you can create a VM instance following these steps: Choose Resource Center > Resource Pool > Virtual Resource > VM Instance. On the VM Instance page, click Create VM Instance and finish relevant configurations. For more information, refer to Create a VM Instance in User Guide.

Now, you have learned how to create a VM instance with an OIDC sub-account.
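
The User Mapping Rule in step 2 requires the attribute mapped to Name to be unique in the authentication system. The following added example (not ZStack code; the rule layout, function names and sample records are assumptions constructed for illustration) dry-runs a mapping rule against userinfo records and reports missing or colliding names before sub-accounts are synced.

```python
# Added example: dry-run a User Mapping Rule against IdP userinfo records.
# The rule layout and all sample records are constructed for illustration.
from collections import defaultdict

# Cloud attribute -> OIDC claim, as in step 2 (Name maps to username,
# Description maps to description). Hypothetical representation.
MAPPING_RULE = {"name": "username", "description": "description"}

# Constructed userinfo responses, keyed by the IdP's subject identifier.
SAMPLE_USERINFO = [
    {"sub": "idp-0001", "username": "Xiaoming", "description": "dev-backend"},
    {"sub": "idp-0002", "username": "xiaoming ", "description": "qa"},
    {"sub": "idp-0003", "description": "ops"},
    {"sub": "idp-0004", "username": "Lihua"},
]


def map_user(userinfo, rule):
    """Return the Cloud-side attributes for one userinfo record, or None
    when the claim mapped to Name is missing or empty."""
    name = str(userinfo.get(rule["name"], "")).strip()
    if not name:
        return None
    desc_claim = rule.get("description")
    description = userinfo.get(desc_claim, "") if desc_claim else ""
    return {"name": name, "description": description}


def dry_run(records, rule):
    """Classify records into accepted, missing-name and colliding-name."""
    by_name = defaultdict(list)
    missing = []
    for rec in records:
        mapped = map_user(rec, rule)
        if mapped is None:
            missing.append(rec["sub"])
        else:
            # Conservative choice: names differing only by case or
            # surrounding whitespace are flagged for review.
            by_name[mapped["name"].casefold()].append((rec["sub"], mapped))
    collisions = {k: [s for s, _ in v] for k, v in by_name.items() if len(v) > 1}
    accepted = [m for v in by_name.values() if len(v) == 1 for _, m in v]
    return {"accepted": accepted, "missing": missing, "collisions": collisions}


if __name__ == "__main__":
    for key, value in dry_run(SAMPLE_USERINFO, MAPPING_RULE).items():
        print(key, value)
```

Records listed under `missing` or `collisions` point to a claim that is not suitable as the Name mapping, or to IdP entries that need cleanup before syncing.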
