Gateway Authentication Use Cases

Authentication Using Environment Variables

The standalone installation of the Akeyless Gateway allows for the following authorization use cases:

Use Case

Options

Single Gateway Admin

Auth method: email/password

  1. You can log with the email and password into the Gateway installation with the empty Admin role.

  2. You can set Admin credentials directly by installing the Gateway with environment variables:

  • ADMIN_ACCESS_ID="email"

  • ADMIN_PASSWORD="password"

Single Gateway Admin

Auth method: API Key

You can set Admin credentials directly by installing the Gateway with environment variables:

  • ADMIN_ACCESS_ID="access-id"

  • ADMIN_ACCESS_KEY="access-key"

📘

NOTE

You cannot combine these environment variables with the ALLOWED_ACCESS_IDS variable.

Use Case

Options

Multiple Gateway Admins

Auth methods: email/password, API Keys, etc.

Install the Gateway with the environment variable:

ALLOWED_ACCESS_IDS=“access-id-1,access-id-2”

When using this variable, you still have an option to set email/password as one of the authentication methods for this Gateway instance - but only at the first login.

🚧

IMPORTANT

When you use the ALLOWED_ACCESS_IDS variable to set up access to your Gateway using a shared authentication method, you must provide relevant sub-claims.

Otherwise, all users authenticated by the Identity Provider with a given access-id will be able to log in to your Gateway and configure it.

📘

NOTE

  1. You cannot combine this environment variable with variables that set Admin credentials directly (ADMIN_ACCESS_ID, ADMIN_PASSWORD, ADMIN_ACCESS_KEY).

  2. You cannot specify an email as one of the Access IDs in the list.

SAML & OIDC Authentication

If you need to set up either SAML or OIDC Authentication for your Gateway Console, take the following steps:

  1. First, you need to create Access IDs for those authentication methods as described in the documentation:

  2. Then you need to open the Gateway Configuration Manager at http://Your-Akeyless-Gateway-URL:8000, and on the Defaults page provide and save those Access IDs.

SAML & OIDC Authentication SetupSAML & OIDC Authentication Setup

SAML & OIDC Authentication Setup


What’s Next
Did this page help you?