Authentication Methods Introduction
In Authentication & Authorization we saw that Authentication Methods represent machine identities or human identities.
Instead of authenticating identities itself, in most cases, Akeyless integrates with 3rd party identity providers that provide tokens of authentication.
For machine access, Akeyless supports:
- Cloud identities (CSP IAM) such as AWS IAM, Azure AD, and GCP.
- On-prem machines using Akeyless Universal Identity ™.
- Kubernetes Auth.
- Certificate based Authentication.
- API Keys
For human access, Akeyless supports:
which are used by known identity providers such as Okta, Azure AD, and others.
Authentication Settings
Under your account settings in the console, you will find a tab titled Authentication Settings. Currently, this tab allows you to customize the expiration limits (TTL) and default for authentication methods that are time-sensitive.
You can set a custom range of possible TTL for your tokens, setting the minimum, default, and maximum allowed TTL for your tokens.
The default setting of your token TTL will affect all your authentication methods unless you have set a different TTL for a specific authentication method.
Note
For an authentication method to have the necessary permissions to perform actions, you will need to attach it to a matching role.
To learn more about this, please go to Access Roles & RBAC.
Multi-Factor Authentication
Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their email, or using any authenticator application.
If you only use an Email and password to authenticate to Akeyless, either using your Account email or any users who were invited using the Email Auth it leaves an insecure vector for attack. Those Authe methods can be set with MFA by default.
To enable MFA on your email, navigate to the Account Settings page and choose the right flow you'd like to receive those temporary tokens, either over email, or using an authenticator app. Once enabled, any time you'll log in using your email, you'll have to provide this one-time password to log in to Akeyless services such as our Command Line Interface (CLI), Web applications, and our Browser Extension.
Updated about 2 months ago