PowerFlex 4.X: Create Credentials for Root and Nonroot users
Summary: Use this procedure to create credentials for root and nonroot users in PowerFlex Manager.
Instructions
Create credentials for root and nonroot users
Use this procedure to create credentials for root and nonroot users in PowerFlex Manager.
Prerequisites
To import and create the SSH keys for a PowerFlex node, switch, OS Admin, or OS User, ensure that you generate SSH key pairs of RSA type without a passphrase. See Related information for more information.
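The prerequisite above calls for RSA key pairs without a passphrase. The following added example (not part of the Dell article) generates such a pair with OpenSSH's `ssh-keygen` and checks that an existing private key meets both conditions before it is imported; the file paths and the key comment are placeholders.

```shell
#!/bin/sh
# Added example, not Dell tooling. Paths and the key comment are placeholders.

# Generate an RSA key pair with an empty passphrase (-N "").
# $1 = private key path; the public key is written to "$1.pub".
generate_rsa_keypair() {
    keyfile=$1
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    # Subshell keeps the restrictive umask local; with no passphrase, file
    # permissions are the only protection the private key has at rest.
    ( umask 077 && ssh-keygen -q -t rsa -N "" -C "powerflex-credential" -f "$keyfile" )
}

# Print "ok" and return 0 when the private key in $1 is RSA and loads with an
# empty passphrase; otherwise print the reason and return 1.
check_key_for_import() {
    keyfile=$1
    if [ ! -r "$keyfile" ]; then
        echo "unreadable: $keyfile"
        return 1
    fi
    # -y re-derives the public key; -P "" supplies an empty passphrase, so an
    # encrypted key fails here instead of prompting.
    if ! pub=$(ssh-keygen -y -P "" -f "$keyfile" 2>/dev/null); then
        echo "passphrase-protected or not a private key"
        return 1
    fi
    case $pub in
        "ssh-rsa "*) echo "ok" ;;
        *) echo "not RSA: ${pub%% *}"; return 1 ;;
    esac
}

# Usage: sh check_key.sh /path/to/private_key
[ "$#" -eq 0 ] || check_key_for_import "$1"
```
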
About this task
You can now use a nonroot user instead of the root user for PowerFlex system administration functions. This enhances security by disabling the root user during node discovery, operating system installation, and nondisruptive updates. The default nonroot username is pflex.
The credential type OS Admin is used for root users, and OS User is used for nonroot users. The OS Admin and OS User credential types apply to the deployment of resource groups.
For nonroot user authentication, SSH access for the root user is disabled after the resource group is deployed. The password is still available for console access for troubleshooting.
PowerFlex Manager allows you to specify a nonroot user when you configure a template for a compute-only, storage-only, hyperconverged, or PowerFlex file deployment. SSH key pair-based root or nonroot deployments are not supported for PowerFlex file deployments.
PowerFlex Manager allows you to use an LDAP user for PowerFlex system administration functions. When you create or edit an operating system user credential, you can optionally specify the LDAP domain. This allows you to use an Active Directory (AD) user rather than a local user for administration functions.
- On the menu bar, click Settings > Security.
- Click Resource Credentials. The Credentials Management page opens.
- Click Create.
- In the Create Credentials dialog box, from the Credential Type drop-down list, select one of the following resource types for which you want to create credentials:
- Node
- Switch
- OS Admin
- OS User
Credential types apply to deployed items, not to PowerFlex Manager. If you are creating an OS User credential set for the management virtual machines on a PowerFlex management controller resource group, select OS User.
- In the Credential Name field, enter the name to identify the credential.
If you are creating an OS User credential set for the management virtual machines on a PowerFlex Management Controller resource group, do the following:
- Enter MVM delladmin to identify the credential.
- In the User Name field, enter delladmin.
- Enter the delladmin account password in the Password and Confirm Password fields.
- Click Enable Key Pairs to enable login with SSH key pairs and perform the following:
| To: | Do this: |
|---|---|
| Enable key pairs for the Node or Switch credential: | Manually generate the |
| Create keys using PowerFlex Manager for the OS Admin or OS User credential and enable key pairs: | |
| To manually generate and import an existing key pair for the OS Admin or OS User credential. | Manually generate the |
If you enable SSH key pairs for a Node or Switch credential and use that credential for discovery, PowerFlex Manager uses public or private RSA key pairs to SSH into your node or switch securely, instead of using a username and password.
If you enable SSH key pairs for an OS User or OS Admin credential and use that credential for a deployment, PowerFlex Manager uses RSA public or private key pairs for the deployment operations.
PowerFlex Manager does not consume SSH keys for all component types. For example, if you enable SSH key pairs for an admin credential, the SSH keys are not used for the deployment of a CloudLink Center VM. Instead, the username and password are used for all communication.
Create a username with a domain name on the Active Directory server. The NTP server and Active Directory server time must be in sync. Configure the DNS server and prefix on the network management configuration.
- To enable LDAP for an OS User (optional):
- On the Create Credentials page, in the Credential type field, enter OS User.
- In the Credential Name field, enter LDAP.
- Enter the domain name and username in the Domain and User Name fields.
- Enter the passwords and click Save.
- In the User Name field, enter the username for the credential.
For the OS Admin credential type, the User Name field is disabled because the user is assumed to be root. You must use the root user for new deployments.
For the OS User credential type, enter the default nonroot username.
For the embedded operating system, this user account must have SSH enabled and have sudo access.
For VMware ESXi, the account must be configured with the administrator role on the local server permission setting, which should enable SSH and other tools like esxcli.
You can add existing resource groups with a nonroot user. The account on the SVM and/or PowerFlex storage-only nodes for the OS User credential type must have a /home directory and have the correct group permissions.
- In the Password and the Confirm Password boxes, enter the password for the credential.
See PowerFlex 4.x How to Update the PowerFlex Manager password