CoreWeave delivers another industry first: End-to-end automated user provisioning for Slurm clusters

Introducing Automated User Provisioning and SUNK User Provisioning | CoreWeave Blog

Announcement

Announcement

Webinar

Announcement

Podcast

Announcement

GTC 2026

Announcement

CoreWeave brings up the industry’s first NVIDIA Vera Rubin NVL72 deployment.

Read more

Products

Data and storage

Infrastructure control

Runtime acceleration

Model and agent development

Mission control

Solutions

Pricing

Resources

About us

Contact us Login

Contact us Login

Clear

Managing user access to compute clusters is often slow, manual, and error-prone. Researchers wait for credentials. Administrators spend hours configuring users and fixing permissions instead of focusing on performance or security. In large AI environments, this friction delays research, wastes valuable GPU time, and turns lost hours into real cost. When training runs span thousands of GPUs and experiments run continuously, even small delays in access slow discovery. With Automated User Provisioning (AUP) and SUNK User Provisioning (SUP), you can now automate that entire process. Identities sync directly from enterprise providers into CoreWeave IAM and Slurm on Kubernetes (SUNK) clusters, giving teams secure, ready-to-use access in minutes. It takes teams from Day 1 to Day Now, cutting setup time from days to instant access so researchers can get back to running jobs and moving work forward. This innovation is just part of CoreWeave’s end-to-end AI-first experience, where infrastructure, orchestration, and identity are designed together to serve large-scale training and inference. No other cloud combines this level of access control with Slurm-to-Kubernetes integration and bare-metal performance for AI workloads. AUP: Federation built for CoreWeave Cloud On its own, AUP enables secure, scalable identity management across CoreWeave Cloud, including CoreWeave Kubernetes Service (CKS), CoreWeave AI Object Storage, and the CoreWeave Console. By connecting your organization’s identity provider (IdP) to CoreWeave Identity and Access Management (IAM) through System for Cross-domain Identity Management (SCIM), the modern standard for secure identity synchronization, AUP keeps users and groups continuously aligned across every CoreWeave service. Identity federation has been a longstanding pain point for enterprise IT teams. Integrations built on legacy LDAP are brittle, slow, and difficult to maintain, especially at AI scale. Directory mismatches, manual field mapping, and delayed user deactivation create both operational drag and security risk. AUP replaces that complexity with a direct, standards-based connection. Using SCIM, it continuously syncs users and groups between identity providers such as Okta or Microsoft Entra and CoreWeave IAM. Any changes made upstream from new users, role updates, or deletions propagate automatically, removing manual steps and preventing stale credentials. The result? Unified identity management that scales from a single project to multi-cluster deployments without additional tooling. SUP: Provisioning for Slurm For cluster administrators, provisioning users for Slurm environments has traditionally been time-consuming and inconsistent. Researchers lose valuable time waiting for cluster access, while admins manually create POSIX users, update configurations, and chase permission errors. Every manual step slows research and adds risk when credentials linger or are stored in plain text. SUP extends CoreWeave IAM automation into Slurm-on-Kubernetes clusters, automatically creating POSIX users and groups, SSH keys, and Slurm users and accounts as soon as a user is added to CoreWeave IAM or to an upstream identity provider. Access and permissions are correct on first login, no YAML, no tickets, no delays. “Using SUNK User Provisioning has made adding new users to our Slurm cluster trivial and given us the ability to easily set up the right set of permissions for our different use cases. If only all my activities were this straightforward.” Tim McNerney, Member of Technical Staff, Inflection AI Under the hood of SUP SUP uses a per-customer SCIM endpoint and NSSCache to distribute user and group data across nodes. Unlike SSSD, which depends on a running daemon and constant network connectivity, NSSCache generates local caches that make authentication faster and more resilient for large-scale or transient HPC environments. This approach is purpose-built for AI workloads that span both training jobs and real-time inference. CoreWeave is the only platinum-certified platform for ClusterMax, underscoring the reliability of this foundation. This certification validates CoreWeave’s ability to support both dedicated and semi-clustered HPC configurations at scale. Together, AUP and SUP deliver the first fully automated, end-to-end user provisioning system for Slurm clusters, an AI-native capability that no other cloud provides. “Onboarding to Slurm on CoreWeave has been smooth and reliable. New user registration just works, unlike with other providers, where we often ran into setup issues. CoreWeave offers the best infrastructure support we’ve had so far.” ‍ Zhaoyang Lv, Member of Technical Staff, Impossible Inc. This release raises the bar for what users can expect from the #1 AI Cloud , purpose-built for the next generation of intelligent workloads. By reducing operational friction and securing identity at scale, AUP and SUP help teams focus on what matters most: advancing research and training models faster. AUP and SUP in practice AUP connects your identity provider to CoreWeave IAM. SUP then provisions that IAM data into SUNK. Getting started is straightforward. Enable SCIM, create a token in CoreWeave IAM, and set up SCIM in your identity provider following its instructions. We recommend AUP for federating identities not only for SUNK but also for other CoreWeave services like Object Storage and CKS. Once AUP is in place, set up SUP for managing users in your Slurm clusters. It doesn’t matter whether users and groups in IAM came from an identity provider or were created manually. Create a SCIM token for SUP for each Slurm cluster and configure NSSCache in each one as described in our documentation. For small teams without an IdP, create SUNK-specific groups such as slurm-users and slurm-sudo in IAM and point NSSCache to the SCIM endpoint to fetch that data. Researchers can paste their own SSH keys in the user settings page and view their POSIX UID and GID. What it looks like in practice Watch the…