When setting up your Akeyless account, you will assign it an email address and a password. This authentication method will allow you to invite your teammates to join your account and utilize the items and resources in it using their email addresses and setting up their own passwords.
While this flow is simple and easy to use, we recommend you mainly use it for basic onboarding.

🚧

Note

While most authentication methods can be set from either the Akeyless Console or from the CLI, Email invitation to your account is an Akeyless Console exclusive.

Creating an Email Authentication from the CLI

Let's create a new Email authentication method using the Akeyless CLI. (You can do this also from the Akeyless Console.)

To create an email authentication method from the CLI, run the following command:

akeyless create-auth-method-email \
--name <Auth method-name> \
--email <Email address for inventation>

Where:

  • name: A unique name for the authentication method. The name can include the path to the virtual folder where you want to create the new authentication method, using slash / separators. If the folder does not exist, it will be created together with the authentication method.
  • email: Email address to be invited to have access

You can find the complete list of additional parameters for this command in the CLI Reference - Authentication section.

Creating an Email Authentication in the Akeyless Console

  1. Log in to the Akeyless Console and go to Users & Auth Methods > New > Email.

  2. Define a Name for the authentication method, and specify the Location as a path to the virtual folder where you want to create the new authentication method, using slash / separators. If the folder does not exist, it will be created together with the authentication method.

  3. Define the remaining parameters as follows:

  • Email: The email address of the invite recipient.

  • Expiration Date: Select the access expiration date. This parameter is optional. Leave it empty for access to continue without an expiration date.

  • Allowed Client IPs: Enter a comma-separated list of CIDR blocks from which the client can issue calls to the proxy. By "client," we mean CURL, SDK, etc. This parameter is optional. Leave it empty for unrestricted access.

  • Allowed Trusted Gateway IPs: Comma separated CIDR blocks. If specified, the Gateway using this IP range will be trusted to forward the original client IP. If empty, the Gateway's IP address will be used.

  • JWT TTL (in minutes): The timespan from acceptance of the invitation to the JWT expiration.

  1. Click "Save".

Saving will automatically send an invitation email to the specified address with a link to set a password and log in to the account.

πŸ‘

What's next?

Make sure to associate your new Authentication Method with an Access Role to grant the relevant permissions within Akeyless. Also, enable MFA under your account settings.