open-vault/website/source/docs/auth/index.html.md
mootpt 872593d1e1 fixed secrets backend url
minor doc fix
2015-07-06 11:11:58 -07:00

1.5 KiB

layout page_title sidebar_current description
docs Auth Backends docs-auth Auth backends are mountable backends that perform authentication for Vault.

Auth Backends

Auth backends are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user.

Having multiple auth backends enables you to use an auth backend that makes the sense for your use case of Vault and your organization.

For example, on developer machines, the GitHub auth backend is easiest to use. But for servers the App ID backend is the recommended choice.

To learn more about authentication, see the authentication concepts page.

Enabling/Disabling Auth Backends

Auth backends can be enabled/disabled using the CLI or the API.

When enabled, auth backends are similar to secret backends: they are mounted within the Vault mount table and can be accessed and configured using the standard read/write API. The only difference is that all auth backends are mounted underneath the auth/ prefix.

By default, auth backends are mounted to auth/<type>. For example, if you enable "github", then you can interact with it at auth/github. However, this path is customizable, allowing users with advanced use cases to mount a single auth backend multiple times.

When an auth backend is disabled, all users authenticated via that backend are automatically logged out.