Gateway Users Authentication

Due to its nature as an extension to Akeyless SaaS services, the Akeyless Gateway can also act as a proxy for the Akeyless SaaS console. This proxy is available on the /console endpoint of the Gateway URL, e.g. https://Your_Akeyless_Gateway_URL:8000/console.
Any user in the account can connect without any requirements based on their Access Roles. This endpoint replicates the Akeyless SaaS console, enabling seamless work with Zero-Knowledge items.

To set a default Authentication Method for your users, you can choose SAML, OIDC, or Certificate-Based Authentication.

👍

Note

Gateway Users Authentication does not mean those users will be able to log in and manage your Gateway deployment. To set a list of Gateway Allowed Admins, please refer to the Gateway Admins section in the relevant deployment guide.

SAML & OIDC

To configure your Gateway to work with a default SAML or OIDC authentication method for your users, take the following steps:

Open the Gateway Console by going to Gateways -> Your-Gateway -> Manage Gateway. On the Defaults page, provide the relevant Access ID and save your changes.

Once saved, users can log in to your Gateway Console on the /console endpoint of the Gateway URL i.e. https://Your_Akeyless_Gateway_URL:8000/console.

Certificate-Based Authentication

To work with Certificate-Based Authentication as the default login method for your Gateway, ensure your Gateway deployment is set with sni-proxy enabled, as described in this guide for Docker, or for K8s deployment as described here.

Set your users' DNS records with the cert authentication subdomain auth-cert.akeyless.io to point to your Gateway IP address.

Open the Gateway Console by going to Gateways -> Your-Gateway -> Manage Gateway. On the Defaults page, provide the relevant Access ID and save your changes.

Once saved, users can log in to your Gateway Console on the /console endpoint of the Gateway URL i.e. https://Your_Akeyless_Gateway_URL:8000/console.
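A check for the DNS step above, added here as an example and not taken from Akeyless documentation or tooling: run on a user's machine, it resolves auth-cert.akeyless.io and reports whether every answer is one of the Gateway addresses passed on the command line. The `classify` function and its status names are illustrative assumptions.

```python
import ipaddress
import socket
import sys

AUTH_CERT_HOST = "auth-cert.akeyless.io"  # subdomain named in the DNS step


def resolve(host):
    """Return the set of addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def classify(resolved, gateway_ips):
    """Compare resolver answers with the Gateway address(es).

    Returns (status, stray). Status names are illustrative:
    "ok"             every answer is a Gateway address
    "partial"        only some answers are, so some connections miss the Gateway
    "not-overridden" no answer is a Gateway address
    "unresolved"     the resolver returned nothing
    """
    def norm(addr):
        # Drop any IPv6 scope id and normalise the textual form.
        return ipaddress.ip_address(addr.split("%")[0])

    gateway = {norm(a) for a in gateway_ips}
    answers = {norm(a) for a in resolved}
    stray = sorted(str(a) for a in answers - gateway)
    if not answers:
        return "unresolved", stray
    if not stray:
        return "ok", stray
    if answers & gateway:
        return "partial", stray
    return "not-overridden", stray


def main(argv):
    if len(argv) < 2:
        print(f"usage: {argv[0]} GATEWAY_IP [GATEWAY_IP ...]")
        return 2
    try:
        resolved = resolve(AUTH_CERT_HOST)
    except socket.gaierror:
        resolved = set()
    status, stray = classify(resolved, argv[1:])
    print(f"{AUTH_CERT_HOST}: {status}", *stray)
    return 0 if status == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Any status other than `ok` lists the addresses that do not belong to the Gateway, which is where to look in the hosts file or internal DNS zone.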

🚧

Warning

Certificate-Based Authentication utilizes mTLS. Therefore, the Gateway itself must manage any TLS termination for the connection to Akeyless SaaS core services.

