open-vault/website/content/guides/identity/index.mdx

---
layout: guides
page_title: Identity and Access Management - Guides
description: >-
  Once a Vault instance has been installed, the next step is to configure auth

  backends, secret backends, and manage keys. Vault configuration guides
  addresses

  key concepts in configuring your Vault application.
---

# Identity and Access Management

This guide walks you through Identity and Access Management topics.

- [Secure Introduction of Vault Clients](/guides/identity/secure-intro)
  explains the mechanism of the client authentication against a Vault server.

- [Policies](/guides/identity/policies) are used to instrument
  Role-Based Access Control (RBAC) by specifying access privileges. Authoring of
  policies is probably the first step the Vault administrator performs. This guide
  walks you through creating example policies for `admin` and `provisioner` users.

- [ACL Policy Path Templating](/guides/identity/policy-templating) guide
  demonstrates templated policy paths to allow non-static paths.

- [AppRole Pull Authentication](/guides/identity/authentication) guide
  that introduces the steps to generate tokens for machines or apps by enabling
  AppRole auth method.

- [AppRole with Terraform and Chef](/guides/identity/approle-trusted-entities)
  guide explains how AppRole auth method integrates with Terraform and Chef.
  This guide is for anyone who wishes to reproduce the demo introduced during
  the [Delivering Secret Zero: Vault AppRole with Terraform and
  Chef](https://www.hashicorp.com/resources/delivering-secret-zero-vault-approle-terraform-chef)
  webinar.

- [Token and Leases](/guides/identity/lease) guide helps you
  understand how tokens and leases work in Vault. The understanding of the
  lease hierarchy and expiration mechanism helps you plan for break glass
  procedures and more.

- [Identity - Entities & Groups](/guides/identity/identity) guide
  demonstrates the usage of _Entities_ and _Groups_ to manage Vault clients'
  identity.

## Vault Enterprise

- [Sentinel Policies](/guides/identity/sentinel) guide
  walks through the creation and usage of _Role Governing Policies_ (RGPs) and
  _Endpoint Governing Policies_ (EGPs) in Vault.

- [Control Groups](/guides/identity/control-groups) can be used to enforce
  additional authorization factors before the request can be completed. This
  guide walks through the implementation of a Control Group.
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`---`
			`layout: guides`
			`page_title: Identity and Access Management - Guides`
			`description: >-`
			`Once a Vault instance has been installed, the next step is to configure auth`

			`backends, secret backends, and manage keys. Vault configuration guides`
			`addresses`

			`key concepts in configuring your Vault application.`
			`---`

			`# Identity and Access Management`

			`This guide walks you through Identity and Access Management topics.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Secure Introduction of Vault Clients](/guides/identity/secure-intro)`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`explains the mechanism of the client authentication against a Vault server.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Policies](/guides/identity/policies) are used to instrument`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`Role-Based Access Control (RBAC) by specifying access privileges. Authoring of`
			`policies is probably the first step the Vault administrator performs. This guide`
			walks you through creating example policies for `admin` and `provisioner` users.

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [ACL Policy Path Templating](/guides/identity/policy-templating) guide`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`demonstrates templated policy paths to allow non-static paths.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [AppRole Pull Authentication](/guides/identity/authentication) guide`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`that introduces the steps to generate tokens for machines or apps by enabling`
			`AppRole auth method.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [AppRole with Terraform and Chef](/guides/identity/approle-trusted-entities)`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`guide explains how AppRole auth method integrates with Terraform and Chef.`
			`This guide is for anyone who wishes to reproduce the demo introduced during`
			`the [Delivering Secret Zero: Vault AppRole with Terraform and`
			`Chef](https://www.hashicorp.com/resources/delivering-secret-zero-vault-approle-terraform-chef)`
			`webinar.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Token and Leases](/guides/identity/lease) guide helps you`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`understand how tokens and leases work in Vault. The understanding of the`
			`lease hierarchy and expiration mechanism helps you plan for break glass`
			`procedures and more.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Identity - Entities & Groups](/guides/identity/identity) guide`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`demonstrates the usage of _Entities_ and _Groups_ to manage Vault clients'`
			`identity.`

			`## Vault Enterprise`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Sentinel Policies](/guides/identity/sentinel) guide`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`walks through the creation and usage of _Role Governing Policies_ (RGPs) and`
			`_Endpoint Governing Policies_ (EGPs) in Vault.`

[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Control Groups](/guides/identity/control-groups) can be used to enforce`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`additional authorization factors before the request can be completed. This`
			`guide walks through the implementation of a Control Group.`