1.5 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docs | Auth Backends | docs-auth | Auth backends are mountable backends that perform authentication for Vault. |
Auth Backends
Auth backends are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user.
Having multiple auth backends enables you to use an auth backend that makes the sense for your use case of Vault and your organization.
For example, on developer machines, the GitHub auth backend is easiest to use. But for servers the AppRole backend is the recommended choice.
To learn more about authentication, see the authentication concepts page.
Enabling/Disabling Auth Backends
Auth backends can be enabled/disabled using the CLI or the API.
When enabled, auth backends are similar to secret backends:
they are mounted within the Vault mount table and can be accessed
and configured using the standard read/write API. The only difference
is that all auth backends are mounted underneath the auth/ prefix.
By default, auth backends are mounted to auth/<type>. For example,
if you enable "github", then you can interact with it at auth/github.
However, this path is customizable, allowing users with advanced use
cases to mount a single auth backend multiple times.
When an auth backend is disabled, all users authenticated via that backend are automatically logged out.