Account Settings
Akeyless offers a number of settings which are available for users to update in their accounts, from personal information to account-wide secrets settings.
Items that can be changed range from the look and feel of the UI to how users interact with secrets to additional security measures.
Update Account Settings from the Akeyless CLI
To view Account Settings
options from the CLI, use the following command:
akeyless update-account-settings -h
You can find all the available commands in the CLI Reference.
Update Account Settings from the Akeyless Console
To access these settings, click on the profile image on the top-right corner of the UI and choose "Account Settings".
General Information
Profile Image
To update your profile avatar, click on the pencil icon next to the image. This option is only available from the console.
Branding Logos
A custom logo (for both Light and Dark modes) as well as a custom Favicon can be added by clicking on the respective buttons. This option is only available from the console.
Company Name
Users can update the name of their company by clicking the pencil next to that field.
Account Alias
Option to set an alias for the account, this requires Akeyless Customer Success help, to provide end users an option to sign in to akeyless using a human-friendly string, with an Auth Method full name instead of Access IDs.
Password expiration policy
Set user passwords to expire after a number of days, relevant for the Account Owner and any Email authentication method.
Change Password
To change your password, click the "Change Password" button. This option is only available from the console.
Two-Factor Authentication
Users have the ability to add MFA to their accounts using either of the following options. This feature is only available from the console.
- Authenticator App: When this feature is enabled, a popup will ask the user to scan the QR code with an authentication app on their device or enter the code given on screen.
- Email Address: When this feature is enabled, a popup will ask the user to check their email for a 6-digit code to confirm.
Address
To update the address information on the account, click on the pencil icons, updating the information in each field individually, and clicking on the check mark to save.
Items Settings
Secret Versions
When enabled, this feature allows the user to choose the maximum number of versions of Static Secrets, Rotated Secrets, and Targets to keep in the account for a given item. To update it, click on the pencil icon, choose a number, and click the check mark to save. In addition, you can choose to force a new version on update when versions are enabled in the account.
Delete Protection
When enabled, this feature allows only users with Admin access to delete items in the account and will set the default for new items create with Delete Protection enabled.
Protection Key Type
Users can choose which types of Encryption Keys can be used as a Protection Key for items in the account. Simply enable them to allow the option. DFC cannot be disabled.
Default Protection Key
Users can choose a default Encryption Key to protect all of their items. If you choose to enable Exclusively use default key, this will lock the Encryption Key making it the only option to be used for all items.
Request Access
This allows users to request temporary access or to elevate their current permissions for specific items using a built-in approval workflow which requires approval from the system admin. See the Request Access page for more info.
Password Generation Policy
This feature enables users to set the minimum length of passwords generated by Akeyless for the Password Manager. This includes capital and lowercase letters, numbers, and special characters options.
Dynamic Secret Max TTL
This setting adds support to control globally the Maximum allowed TTL for all Dynamic Secrets in the Account.
Rotated Secret Max Rotation Interval
This setting adds support to control globally the Maximum Auto Rotation Interval for all Rotated Secrets in the Account.
Item Sharing
Item Sharing is enabled by default on an account level. Users can also set the default TTL to choose how long shared items will be available to a user with whom an item is shared.
OIDC Provider Settings
This setting is enabled by default. Users can also edit the Signing Algorithm, Rotation TTL, Validation TTL, ID Token TTL, and Access Token TTL. For more information, see the docs on using the OIDC Identity Provider.
Item Naming Convention
Users can choose which characters are invalid for use in item names. Simply add all the characters you want to exclude and hit Enter. Only new items created after this change are affected.
Usage Events
Set a global event for secrets that have not been used or changed within the usage interval, the minimum is 90 days. The usage interval counter will start from the moment this feature is enabled.
Authentication Settings
Authentication Methods TTL
Users can set the default length of time Authentication Methods in the account will last. At the maximum time set, the user will be logged out of Akeyless.
Account Owner Authentication
This option will force authentication of the Owner of the account. Please note that this action will lock the default login out of the account. Approving this is irreversible and can not be revoked without direct contact with Akeyless Support.
Allowed Client IPs
Enter a comma-separated list of CIDR blocks from which the client can issue calls to the proxy. By "client," we mean CURL, SDK, etc. This parameter is optional. Leave it empty for unrestricted access. If needed, you can lock this list globally.
Allowed Trusted Gateway IPs
Comma-separated CIDR blocks. If specified, the Gateway using this IP range will be trusted to forward the original client IP. If empty, the Gateway's IP address will be used. If needed, you can lock this list globally.
Usage Events
Set a global event for Auth methods that have not been used or changed within the usage interval, the minimum is 90 days. The usage interval counter will start from the moment this feature is enabled.
Updated 4 months ago