Cloudera Docs

Cloudera accounts

A Cloudera account (sometimes called a Cloudera tenant) is the management console where users log in to access their services. A Cloudera account contains one or more Cloudera environments.

Cloudera Accounts

Physically, all management consoles run in a shared infrastructure (the Cloudera Control Plane). Each management console has a unique ID and is logically isolated from other Cloudera accounts. For example, if you have two Cloudera accounts, you cannot view the resources in account 2 if you are logged into account 1. Each Cloudera account, including sub-accounts, has a separate invoice.

A Cloudera account can have one or more identity providers. Each identity provider is connected to one SAML provider, which in turn is connected to an Active Directory. A Cloudera account can be connected to multiple Azure Active Directory organizations (via identity provider) and multiple subscriptions. Cloudera creates one Cloudera account per customer; you can create additional Cloudera accounts through a manual approvals process.

For example, the "Cloudera CDP Demos" account is connected to:

  • 3 identity providers, each connected to an LDAP Server via SAML:
    • Corporate OKTA, so that anybody with a cloudera.com email can log in (as long as they are entitled).
    • An LDAP server used for workshops, so that we can provision temporary users without having to go through corporate account lifecycle management.
    • An LDAP server hosting demo users, so that we can create new personas on demand for demo scenarios.
  • Multiple Azure subscriptions; one per budget item (Sales, Product Management, Services, Tradeshow Demos etc.).
  • This allows different groups to host their own demos and pay for them using their own cloud account.

Cloudera Environments

A Cloudera environment exists inside a Cloudera account, and each Cloudera account can have many environments. An environment is a logical container for a Data Lake cluster and any workloads that are attached to that cluster, such as Cloudera Data Hub clusters, Cloudera Data Warehouses, Cloudera AI environments, etc. All services running within an environment share the same metadata and use the same Data Lake.

Each environment can be associated with only one cloud account. This association is called a Cloudera credential and points to either:

  • A service principal for a specific Azure subscription
  • A cross-account role for a specific AWS account