Major Changes Coming Soon to Identity Management (IDM) in LC

On January 9, 2024 a new Identity Management (IDM) system will be rolled out in Livermore Computing. As a reminder, IDM is the service one uses for managing HPC users—creating and managing user accounts, groups, and host accesses. Users and computer coordinators access the service at https://lc-idm.llnl.gov/

What Is Going to Change?

The new IDM is brand new from the ground up. In addition to a new user interface, the system introduces a powerful concept called “roles”. Roles will greatly simplify getting and managing the correct host and group accesses needed for your job assignment. Roles incorporate sets of hosts and groups, and will be defined by the different organizations and projects which utilizeLC. Roles will be the fundamental mechanism in new IDM for managing all types of access.

Authentication to IDM will also change to match what LC’s GitLab and Atlassian tools use. In particular, this means that tri-lab users will be able to login with their local site credentials.

Simple Example of a Role in Action

For example, say your job assignment requires access to the LC resources quartz and borax, and membership in groups a, b, and c. With the current IDM, each of these resources and groups would need to be added explicitly and each would need to be approved separately. With new IDM, a role incorporating these hosts and groups would be created up-front for the associated job assignment / project. When a new person is added to the project, they only need to be added to the associated role, which would then automatically grant all of the needed host and grouppermissions.

Common Questions and Answers

Q. Will I need to re-enter my existing LC access information (user accounts, groups, etc)?

A. No, all existing LC users, along with their resources and groups, will be carried over to the new IDM.

Q. Will I need to create roles before using the new IDM?

A. No, an initial set of roles will be created before the launch of new IDM. These will be basic roles that cover individual resources and groups. Over time, defined (higher level) roles that are project-specific and encompass many resources and groups will be created by the LC IDM team via requests from LC computer coordinators.

Q. How can I learn more?

A. Look for a follow-up Technical Bulletin as the release date nears for new IDM. That document will cover more details about how new IDM works, including how-to instructions for standard operations.