Akeyless introduced its support for OpenID Connect (OIDC).
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.


Run the following command in your terminal, with the relevant parameters set.

akeyless create-auth-method-oidc --name oauth-am --issuer {your-issuer-url} --client-id {your-client-id} --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g. 'email' or 'username')}


-n, --name

*Auth Method name


Issuer URL


Client ID (application ID)


Client secret


A unique identifier (ID) value should be configured for OIDC, OAuth2, LDAP, and SAML authentication method types. It is usually a value such as an email, username, or upn. Whenever a user logs in with a token, these authentication types issue a "sub claim" containing details that uniquely identify that user. The sub-claims include a key containing the ID value that you configured, which is used to distinguish between different users within the same organization.


Access expiration date in Unix timestamp (select 0 for access without expiry date)


A CIDR whitelist of the IPs that the access is restricted to
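The following is an added example, not Akeyless code: a pre-deployment check that an ID token from your identity provider actually carries the claim you plan to pass as --unique-identifier, and that its issuer and audience match the --issuer and --client-id values. It decodes the token for inspection only and does not verify the signature; the issuer, client ID and sample tokens are constructed, and it assumes the identifier is a top-level claim of the ID token.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def token_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT for inspection only (signature NOT verified)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def check_unique_identifier(id_token: str, issuer: str, client_id: str, unique_identifier: str) -> str:
    """Return the value of the claim named by unique_identifier, or raise with the reason."""
    claims = token_claims(id_token)
    if claims.get("iss") != issuer:
        raise ValueError(f"iss {claims.get('iss')!r} does not match configured issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if client_id not in audiences:
        raise ValueError("client-id is not in the token audience")
    value = claims.get(unique_identifier)
    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"claim {unique_identifier!r} missing or empty; available: {sorted(claims)}")
    return value

def make_sample_token(claims: dict) -> str:
    # Constructed sample with a placeholder signature, for offline demonstration only.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"

ISSUER = "https://idp.example.com"   # constructed value
CLIENT_ID = "example-client-id"      # constructed value
ALICE = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "00u1abc", "email": "alice@example.com"})
NO_EMAIL = make_sample_token({"iss": ISSUER, "aud": [CLIENT_ID], "sub": "00u2def"})

if __name__ == "__main__":
    print(check_unique_identifier(ALICE, ISSUER, CLIENT_ID, "email"))
    try:
        check_unique_identifier(NO_EMAIL, ISSUER, CLIENT_ID, "email")
    except ValueError as err:
        print("rejected:", err)
```

A token that lacks the chosen claim, as in the second sample, means that users from that provider cannot be told apart by that identifier, so pick a claim the provider always emits.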


To create new OIDC authentication credentials, go to the Auth Methods tab, click New, and select OIDC.
