This page discusses creating and using an email-based authentication method in Akeyless.
Email authentication allows human users to authenticate directly to the Akeyless Console using their email address and password. It is typically used for standalone accounts, administrators, or environments where SAML or OIDC federation is not required.
Email authentication is intended for interactive human access and is not recommended for machine or workload authentication.
Creating an Email Authentication Method
Email authentication is available by default for Akeyless accounts. No additional configuration is required. This action is distinct from creating a new Akeyless account: it creates an additional email-based authentication method for an existing account.
Creating an Email Authentication Method with the Console
To create a new email-based authentication method with the Console:
- In the Console, under Administration, navigate to Users & Auth Methods.
- Select + New. This opens the Create Authentication Method form.
- On the Type selection screen, select Email, then Next →.
- Enter a name for the Authentication Method in the Name field. Optionally, include a path using
/separators to place the Authentication Method in a virtual folder, then select Next →. - Supply the designated email address in the Email field. Optionally, configure Two-Factor Authentication.
- Select Finish.
An email prompting to set a password and activate the authentication method will be sent to the specified email address. Be sure to associate the email authentication method with one or more Roles.
Creating an Email Authentication Method with the CLI
To create an email-based authentication method with the CLI:
akeyless auth-method create email \
--name <Email Auth Method Name> \
--email [email protected]An email prompting to set a password and activate the authentication method will be sent to the specified email address. Be sure to associate the email authentication method with one or more Roles.
Read about more parameters available when creating an email-based authentication method.
Using an Email Authentication Method
Using an Email Authentication Method with the Console
To use an email-based authentication method with the Console:
- Open the Akeyless Console: https://console.akeyless.io.
- Email authentication is the default option. Enter the email address used, then select Sign in.
- Enter the password used, then select Sign in again.
Using an Email Authentication Method with the CLI
To authenticate with an email address and password using the CLI, run the Akeyless auth command:
akeyless auth \
--admin-email [email protected] \
--admin-password <Password>Optional Features
For optional features that apply across Authentication Methods, see Common Optional Features.
- Two-Factor Authentication: When creating an email-based authentication method, Two-Factor Authentication can be optionally enabled. The second factor can use either Email or an Authenticator App. Only Google Authenticator is supported as an Authenticator App. The Two-Factor Authentication configuration can be enabled, edited, or disabled on an existing email-based authentication method.
- Forgot Password: On the Console login screen, select Forgot Password below the Email field. This opens the Forgot Your Credentials? page. Enter the email address, then select Reset Credentials.
Updated 4 days ago
Make sure to associate your new Authentication Method with an Access Role to grant the relevant permissions within Akeyless.