Skip to main content

Identity Providers

This page explains how to manage access to API Portals and how to control API access.

Introduction

Traefik Hub uses Identity Providers (IdPs) to manage user identities and to authorize access to API Portals.

In conjunction, API keys, JSON Web Tokens (JWT), or LDAP are used to control the access to APIs.

In Traefik Hub, an IdP serves as the foundation for user authentication, while API keys, JWTs, or LDAP credentials play a key role in authorizing users to access APIs.

IdP

An identity provider (IdP) is a centralized system or service responsible for verifying users' identities. You can use Traefik Hub to manage your users and groups (internal IdP), or you can use an external IdP, such as LDAP, Keycloak, or Okta.

Internal

All user management is done through the internal IdP.

Traefik Hub will manage all users, groups, and tokens. This is the default configuration.

External

Traefik Hub supports LDAP, Keycloak, and Okta.

When using an external IdP all user management is done via this IdP, Traefik Hub will only sync the user and groups into its own database (online mode).

It is not possible to create, for example, a new user or user group in Traefik Hub.

Consuming APIs

To consume APIs in Traefik Hub, only applications that are granted access to and can consume APIs. API Access Management determines which applications can access specific APIs and the operations they are permitted to perform. This is achieved through a combination of resources:

Further, access to APIs is controlled by API keys, JWTs, or LDAP credentials.

warning

If you switch from the default configuration to JWT or LDAP, all API keys generated in the API Portal will be turned off.

Related Content