/sensu-go/6.12/operations/control-access/ Recent content in Control Access on Sensu Docs Hugo -- gohugo.io en-us /sensu-go/6.12/operations/control-access/sso/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/sso/ COMMERCIAL FEATURE: Access authentication providers for single sign-on (SSO) in the packaged Sensu Go distribution. For more information, read Get started with commercial features. Sensu requires username and password authentication to access the web UI, API, and sensuctl command line tool. In addition to the built-in basic authentication, Sensu offers commercial support for using Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or OpenID Connect 1.0 protocol (OIDC) for single sign-on (SSO) authentication. /sensu-go/6.12/operations/control-access/use-apikeys/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/use-apikeys/ The Sensu API key feature (core/v2.APIKey) is a persistent universally unique identifier (UUID) that maps to a stored Sensu username. The advantages of authenticating with API keys rather than access tokens include: More efficient integration: Check and handler plugins and other code can integrate with the Sensu API without implementing the logic required to authenticate via the /auth API endpoint to periodically refresh the access token Improved security: API keys do not require providing a username and password in check or handler definitions Better admin control: API keys can be created and revoked without changing the underlying user’s password…but keep in mind that API keys will continue to work even if the user’s password changes API keys are cluster-wide resources, so only cluster admins can grant, view, and revoke them. /sensu-go/6.12/operations/control-access/create-read-only-user/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/create-read-only-user/ Role-based access control (RBAC) allows you to exercise fine-grained control over how Sensu users interact with Sensu resources. Use RBAC rules to achieve multitenancy so different projects and teams can share a Sensu instance. Sensu RBAC helps different teams and projects share a Sensu instance. RBAC allows you to manage users and their access to resources based on namespaces, groups, roles, and bindings. By default, Sensu includes a default namespace and an admin user with full permissions to create, modify, and delete resources within Sensu, including RBAC resources like users and roles. /sensu-go/6.12/operations/control-access/create-limited-service-accounts/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/create-limited-service-accounts/ In some cases, you may want to allow an application or service to interact with Sensu resources. Use Sensu’s role-based access control (RBAC) to create and configure accounts that represent applications or services rather than individual human users. These limited service accounts give you fine-grained control of the access and permissions the application or service needs. For example, you might develop a service that displays a high-level view of your webserver statuses based on an aggregate check. /sensu-go/6.12/operations/control-access/ad-auth/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/ad-auth/ COMMERCIAL FEATURE: Access active directory (AD) authentication for single sign-on (SSO) in the packaged Sensu Go distribution. For more information, read Get started with commercial features. Sensu requires username and password authentication to access the web UI, API, and sensuctl command line tool. In addition to the built-in basic authentication, Sensu offers commercial support for using Microsoft Active Directory (AD) for single sign-on (SSO) authentication. The AD authentication provider is based on the LDAP authentication provider. /sensu-go/6.12/operations/control-access/ldap-auth/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/ldap-auth/ COMMERCIAL FEATURE: Access Lightweight Directory Access Protocol (LDAP) authentication for single sign-on (SSO) in the packaged Sensu Go distribution. For more information, read Get started with commercial features. Sensu requires username and password authentication to access the web UI, API, and sensuctl command line tool. In addition to the built-in basic authentication, Sensu offers commercial support for a standards-compliant Lightweight Directory Access Protocol (LDAP) tool for single sign-on (SSO) authentication. /sensu-go/6.12/operations/control-access/oidc-auth/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/oidc-auth/ COMMERCIAL FEATURE: Access OpenID Connect 1.0 protocol (OIDC) authentication for single sign-on (SSO) in the packaged Sensu Go distribution. For more information, read Get started with commercial features. Sensu requires username and password authentication to access the web UI, API, and sensuctl command line tool. In addition to the built-in basic authentication, Sensu offers commercial support for single sign-on (SSO) authentication using the OpenID Connect 1.0 protocol (OIDC) on top of the OAuth 2. /sensu-go/6.12/operations/control-access/apikeys/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/apikeys/ API keys are long-lived authentication tokens that make it more convenient for Sensu plugins and other Sensu-adjacent applications to authenticate with the Sensu API. Unlike authentication tokens, API keys are persistent and do not need to be refreshed every 15 minutes. The Sensu backend generates API keys, and you can provide them to applications that want to interact with the Sensu API. Use the core/v2/apikeys API endpoints to create, retrieve, and delete API keys. /sensu-go/6.12/operations/control-access/namespaces/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/namespaces/ Namespaces partition resources within Sensu. Sensu entities, checks, handlers, and other namespaced resources belong to a single namespace. Namespaces help teams use different resources (like entities, checks, and handlers) within Sensu and impose their own controls on those resources. A Sensu instance can have multiple namespaces, each with their own set of managed resources. Resource names must be unique within a namespace but do not need to be unique across namespaces. /sensu-go/6.12/operations/control-access/rbac/ Mon, 01 Jan 0001 00:00:00 +0000 /sensu-go/6.12/operations/control-access/rbac/ Sensu’s role-based access control (RBAC) helps different teams and projects share a Sensu instance. Use RBAC to specify the actions users are allowed to take against specific Sensu resources, within namespaces or across all namespaces, based on roles bound to the user or to one or more groups the user is a member of. Roles create sets of permissions (for example, get and delete) tied to resource types. Cluster roles apply permissions across namespaces and include access to cluster-wide resources like users and namespaces.