Gateway Users Authentication

Due to its nature as an extension to Akeyless SaaS services, the Akeyless Gateway can also act as a proxy for the Akeyless SaaS console. This proxy can be found on port 18888 of the Gateway.
Any user in the account can connect without any requirements based on their Access Roles. This endpoint replicates the Akeyless SaaS console, enabling seamless work with Zero-Knowledge items.

To set a default Authentication Method for your users, you can use SAML, OIDC, or Certificate-Based Authentication.

Note

Gateway Users Authentication does not mean those users will be able to log in and manage your Gateway deployment. To set a list of Gateway Allowed Admins, please refer to the Gateway Admins section in the relevant deployment guide.

SAML & OIDC

To configure your Gateway to work with a default SAML or OIDC authentication method for your users, take the following steps:

Open the Gateway Configuration Manager at http://Your_Akeyless_Gateway_URL:8000. On the Defaults page, provide the relevant Access ID and save your changes.

Once saved, users can log in to your Gateway Console at http://Your_Akeyless_Gateway_URL:18888 to start working from your internal network with Zero-Knowledge items.

Certificate-Based Authentication

To work with Certificate-Based Authentication as the default login method for your Gateway, ensure your Gateway deployment has sni-proxy enabled, as described in this guide for Docker, or for K8s deployment as described here.

Set your users' DNS records so that the certificate authentication subdomain auth-cert.akeyless.io points to your Gateway IP address.

Open the Gateway Configuration Manager at http://Your_Akeyless_Gateway_URL:8000. On the Defaults page, provide the relevant Access ID and save your changes.

Once saved, users can log in to your Gateway Console at http://Your_Akeyless_Gateway_URL:18888 to start working from your internal network with Zero-Knowledge items.
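
A preflight check for the DNS step above, as an added example that is not Akeyless code: run from a user's machine, it confirms that auth-cert.akeyless.io resolves only to the Gateway and flags leftover records that would bypass it. The function names and the Gateway IP you pass in are assumptions for illustration.

```python
import ipaddress
import socket

CERT_AUTH_HOST = "auth-cert.akeyless.io"  # subdomain named on this page


def resolve_all(host, port=443):
    """Return every address the local resolver gives for host (A and AAAA)."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def check_cert_auth_dns(gateway_ip, resolver=resolve_all):
    """Classify how this client resolves the cert-auth subdomain.

    Returns (status, stray), where status is one of:
      "ok"         every resolved address is the Gateway
      "mixed"      some answers bypass the Gateway (e.g. a leftover AAAA record)
      "not-set"    no answer points at the Gateway
      "unresolved" the name does not resolve at all
    and stray lists the resolved addresses that are not the Gateway.
    """
    gateway = ipaddress.ip_address(gateway_ip)
    try:
        answers = resolver(CERT_AUTH_HOST)
    except socket.gaierror:
        return "unresolved", []
    # Strip IPv6 zone ids and compare address objects rather than strings,
    # so different spellings of the same address compare equal.
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in answers}
    if not addrs:
        return "unresolved", []
    stray = sorted(str(a) for a in addrs if a != gateway)
    if not stray:
        return "ok", []
    return ("mixed" if gateway in addrs else "not-set"), stray


if __name__ == "__main__":
    import sys
    # Usage: python check_cert_auth_dns.py <gateway-ip>  (script name is arbitrary)
    status, stray = check_cert_auth_dns(sys.argv[1])
    print(f"{CERT_AUTH_HOST}: {status}", *stray)
    sys.exit(0 if status == "ok" else 1)
```

A "mixed" or "not-set" result means some or all certificate logins from that machine are not directed at the Gateway.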

Warning

Certificate-Based Authentication utilizes mTLS. Therefore, the Gateway itself must manage any TLS termination for the connection to Akeyless SaaS core services.

