Identities

Authentication methods are the components in Vault that validate the identity of Vault clients and are responsible for assigning a set of policies to an authenticated client. In this step you will enable an authentication method and generate login credentials.

This step assumes you started the Vault server and signed in with the root token in the Web UI step.

Enable authentication

  1. Select the Access view from the menu

This view is the index and displays all authentication methods, entities, groups, and leases. The token authentication method was enabled when Vault was initialized and cannot be disabled.

  1. Select the Enable new method action from within the view.

This view displays all of the authentication methods that this version of Vault supports.

  1. Choose the Username & Password method and select Next.

This view displays the path and the ability to configure the auth method. The path defaults to "userpass."

User lockout

The User lockout feature is enabled by default for the userpass, approle, and ldap auth methods.

  1. Toggle Method Options to display the method options interface.

  1. Check the List method when unauthenticated option.

  2. Select Enable Method.

The authentication method is created. The view displays its configuration page.

Create credentials

The User & Password authentication method, abbreviated as userpass, enables the creation of credentials for individual users.

  1. Select the View method action from within the view.

This view displays the users created for this authentication method. There are no users.

  1. Select the Create user action from within the view.

This view displays the ability to create a custom login for a user.

  1. Enter webapp in the Username field. Enter password in the Password field.

  1. Toggle Tokens to display the token interface.

  1. Enter webapp in the Generated Token's Policies. Select Add.

The policies added to this authentication method are not checked against available policies.

  1. Select Save.

The authentication method for this user is created.
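Because policy names are not validated when the user is saved, a mistyped or not-yet-created policy name is accepted without error. The following check is an added example, not part of the original tutorial: it compares each user's token_policies with the policies that exist. The JSON is constructed sample data shaped like the responses of LIST /v1/sys/policies/acl and GET /v1/auth/userpass/users/<username>; the reporting user and the function names are hypothetical.

```python
import json

# Constructed sample responses, shaped like Vault's HTTP API output.
# LIST /v1/sys/policies/acl: names of the ACL policies that exist.
POLICY_LIST = json.loads('{"data": {"keys": ["default", "root"]}}')
# GET /v1/auth/userpass/users/<username>: one response per user.
USER_CONFIGS = {
    # The user created in this step; the webapp policy does not exist yet.
    "webapp": json.loads('{"data": {"token_policies": ["webapp"]}}'),
    # Hypothetical second user, included for contrast.
    "reporting": json.loads('{"data": {"token_policies": ["default"]}}'),
}


def split_policies(user_config, policy_list):
    """Split a user's token_policies into (defined, missing) name lists."""
    defined = set(policy_list["data"]["keys"])
    wanted = user_config["data"].get("token_policies") or []
    present = sorted(p for p in wanted if p in defined)
    missing = sorted(p for p in wanted if p not in defined)
    return present, missing


def audit_users(user_configs, policy_list):
    """Return {username: [missing policy names]} for users with dangling policies."""
    report = {}
    for name, config in sorted(user_configs.items()):
        _, missing = split_policies(config, policy_list)
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    for user, missing in audit_users(USER_CONFIGS, POLICY_LIST).items():
        print(f"{user}: token_policies names undefined policies: {', '.join(missing)}")
```

An empty report means every policy named on a user exists; it says nothing about whether those policies grant appropriate access.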

Authenticate with credentials

You are currently logged in with the root token. Logging in with these user credentials requires you to log out first.

  1. Open the Profile submenu. Select Sign Out.

You are now logged out of the server.

  1. Choose userpass from the Method list.

The view changes to show a username and password login interface.

  1. Enter webapp in the Username field. Enter password in the Password field. Select Sign in.

You are now logged in through the userpass authentication method. The capabilities of this user are limited to the policies assigned to this user's auth method.
