Our latest release of Kong Konnect augments the security and compliance of the offering through enhanced authentication capabilities.
Through the rest of this post, we’ll walk you through each of these features and explore what’s new in this Kong Konnect release.
Figure 1: Kong Konnect Personal Access Tokens
The introduction of the Kong Konnect personal access token (PAT) allows users to generate an alternate set of credentials that can be used to authenticate decK for Kong Konnect.
As a result, organizations that have Single Sign-On enabled are able to utilize personal access tokens to bypass the need for usernames and passwords completely. PATs also serve as the preferred way to securely authenticate automated tooling and custom integrations.
Users are able to create, manage and revoke their PATs from the personal access token page. This menu can also be found by clicking on the user’s profile on the bottom left navigation.
In decK v1.14 and above, personal access tokens can be used to authenticate decK for Kong Konnect by passing the PAT in the --konnect-token {PAT} flag.
Example:
deck ping --konnect-token kpat_74bvc5ecOJnd5JrVJ8pyPPUbNslIJCi6mecK7wnLppo7XG
The PAT can also be passed in via an environment variable using the DECK_ prefix.
export DECK_KONNECT_TOKEN={PAT}
deck ping
deck dump --konnect-runtime-group-name dev
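A token given with --konnect-token ends up in shell history and is visible in the process list, so for automated tooling the DECK_KONNECT_TOKEN variable is the safer route. The following wrapper is an added example, not code from this post or from Kong: it loads the PAT from a file only its owner can access and runs decK with the variable set inside a subshell. The file path and the kpat_ prefix check (taken from the sample token above) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not Kong's code). The PAT file path is hypothetical, and the
# kpat_ prefix check is an assumption based on the sample token shown above.

# Load the PAT from a private file into DECK_KONNECT_TOKEN.
load_konnect_pat() {
    local file="$1" perms token cr
    [ -f "$file" ] || { echo "PAT file not found: $file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits;
    # refuse the file unless all of them are unset (e.g. mode 600 or 400).
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $file: group/other access set, run chmod 600" >&2
        return 1
    fi

    # Take the first line only; tolerate a missing trailing newline or CRLF.
    IFS= read -r token < "$file" || [ -n "$token" ] || {
        echo "PAT file is empty: $file" >&2; return 1; }
    cr=$(printf '\r')
    token=${token%"$cr"}

    # Reject anything that does not look like a single kpat_ token.
    case $token in
        *[[:space:]]*|kpat_) echo "malformed token in $file" >&2; return 1 ;;
        kpat_*) ;;
        *) echo "malformed token in $file" >&2; return 1 ;;
    esac

    export DECK_KONNECT_TOKEN="$token"
}

# Run one decK command with the token set only inside a subshell, so it is
# not left in the calling shell's environment or typed on the command line.
deck_with_pat() {
    local file="$1"
    shift
    ( load_konnect_pat "$file" && deck "$@" )
}

# Usage (hypothetical path):
#   deck_with_pat "$HOME/.konnect/pat" ping
#   deck_with_pat "$HOME/.konnect/pat" dump --konnect-runtime-group-name dev
```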
Figure 2: Auth Settings in Kong Konnect
During Kong Summit 2021, we announced the availability of Okta support in Kong Konnect for administrative Single-Sign-On (SSO) and for portal application registration. Today we are excited to announce that Kong Konnect supports integration with federated identity management that supports the OpenID Connect (OIDC) standard. This means organizations can integrate Kong Konnect with several OIDC identity management providers (IdP) such as Okta, Keycloak, PingFederate, Azure Active Directory, Microsoft Active Directory and more.
Organizations have the option to toggle each authentication scheme independently, which allows three states to exist: Built-in auth only, SSO only or both enabled. This allows greater integration with existing IT infrastructure as well as support for service accounts should the need arise.
If SSO is enabled with an OIDC provider, the Team Mappings option allows users who belong to an IdP group to be automatically mapped to a Konnect Team via their group claims. Users who log in to Kong Konnect with a verified group claim will have their team memberships replaced with those configured in the Team Mappings tab.
Combined, the OIDC-SSO and the Team Mappings allow additional users to be automatically provisioned in Kong Konnect and their access automatically granted once the integration with the IdP is configured.
To learn more about Kong Konnect, refer to our documentation here and schedule a personalized demo today. Kong Konnect is also available for a 14-day free trial. We look forward to your feedback on these latest features of Kong Konnect.
To get an immersive experience of our products, including the latest news and announcements in Kong Konnect, join us for Kong Summit. Check out Kong Summit 2022 schedules, speaker list, and registration info.