Skip to main content

Identity Providers

This page explains how to manage access to API Portals and how to control API access.

Introduction

Traefik Hub uses Identity Providers (IdPs) to manage user identities and to authorize access to API Portals.

In conjunction, API keys or JSON Web Tokens (JWT) are used to control the access to APIs.

In Traefik Hub, an IdP serves as the foundation for user authentication, while API keys or JWTs play a key role in authorizing users to access APIs.

IdP

An identity provider (IdP) is a centralized system or service responsible for verifying users’ identities. You can use Traefik Hub to manage your users and groups (internal IdP), or you can use an external IdP, such as Keycloak or Okta.

Internal

All user management is done through the internal IdP.

Traefik Hub will manage all users, groups, and tokens. This is the default configuration.

External

Traefik Hub supports Keycloak and Okta.

When using an external IdP all user management is done via this IdP, Traefik Hub will only sync the user and groups into its own database.

It is not possible to create, for example, a new user or user group in Traefik Hub.

Consuming APIs

To consume APIs in Traefik Hub, only applications that are granted access to and can consume APIs. API Access Management determines which applications can access specific APIs and the operations they are permitted to perform. This is achieved through a combination of resources:

Further, access to APIs is controlled by API keys or JWTs.

warning

If you switch from the default configuration to JWT, all API keys generated in the API Portal will be turned off.

Related Content