Keystone domains are containers for projects and users.

You can create and manage additional domains as needed. For example, you can create a separate domain for federated users. To manage domains, log in to the VMware Integrated OpenStack dashboard as a cloud administrator and select Identity > Domains.

All VMware Integrated OpenStack deployments contain the service and Default domains. The service domain contains accounts used by OpenStack services, and the Default domain contains accounts used by OpenStack users, including the admin account.

Important: Do not disable or delete the service or Default domains.

In earlier versions of VMware Integrated OpenStack, if you configured LDAP authentication during installation, the Default domain contained LDAP users, and the local domain contained OpenStack service and user accounts. If you have upgraded your deployment from a previous version of VMware Integrated OpenStack, these settings are retained for backward compatibility. However, service users are moved to the service domain.