This page explains how to manage access to API Portals and how to control API and API Gateway access.
Traefik Hub uses Identity Providers (IdPs) to manage user identities and to authorize access to API Portals.
In Traefik Hub, an IdP serves as the foundation for user authentication, while API keys or JWTs play a key role in authorizing users to access APIs.
An identity provider (IdP) is a centralized system or service responsible for verifying users’ identities.
You can use Traefik Hub to manage your users and groups (internal IdP), or you can use an external IdP, such as Keycloak or Okta.
All user management is done through the internal IdP.
Traefik Hub will manage all users, groups, and tokens. This is the default configuration.
To consume APIs, a user needs to be part of a user group.
Groups are a means of categorizing users.
This allows for granting permissions to APIs for specific groups.
When a user is a member of multiple groups, the user will inherit the permission level of the group with the most access.
If you switch from the default configuration to JWT, all API keys generated in the API Portal will be turned off.