When a user connects to a PowerScale cluster, OneFS searches the directory services connected to the user’s access zone for an account that belongs to the user. If OneFS finds an account that matches the user’s login name, OneFS verifies the user’s identity; that is, it authenticates the user. During authentication, OneFS creates an access token for the user. The token contains the user’s full identity, including group memberships. OneFS uses the token later to check access to directories and files.
When OneFS authenticates users with different directory services, OneFS maps a user’s account from one directory service to the user’s accounts in other directory services within an access zone—a process known as user mapping. A Windows user account managed in Active Directory, for example, is mapped by default to a corresponding UNIX account with the same name in NIS or LDAP. As a result, with a single token, a user can access files that were stored by a Windows computer over SMB and files that were stored by a UNIX computer over NFS.
The focus of this paper is mapping user identities across authentication providers and the configuration options available. For more information about tokens, file permissions, and the PowerScale AIMA architecture, see the PowerScale OneFS AIMA white paper.
Note: Exercise extreme caution before making changes on a production cluster. The concepts explained in this paper must be understood in their entirety before implementing significant file and permission updates. As with any major infrastructure update, testing changes in a lab environment is best practice. After updates are confirmed in a lab environment, a gradual roll-out to a production cluster can commence.
Note: The examples of PowerScale CLI output throughout this paper may be formatted differently from what other terminal emulation software displays, because each emulator manipulates data differently. The examples are displayed only as a reference point for understanding the output.