Create and use Authentication Policies in Ziti Console

dmuensterer · November 20, 2022, 9:45pm

Hi, is there a way to create Authentication Policies in Ziti Console?
As per https://openziti.github.io/docs/core-concepts/security/authentication/auth/#primary-authentication one should be able to define an authentication policy for identities.

An Identity can have one Authentication Policies associated with it.

However I couldn't find any possibility to set it up in Ziti Console.

Another non-related question, if you allow:
Is there a way to "comfortably" use Yubikeys to store the certificate? By comfortable I mean to use a Yubikey without using the CLI and ziti-tunneler but instead use Ziti Desktop Edge.
I'd love that feature!

TheLumberjack · November 20, 2022, 9:52pm

I don’t think authentication policies are exposed in ZAC yet. Using Yubikeys/PKCS11 is supported but the ergonomics around using it is by no means “comfortable”, no. It’s been a feature we have discussed enabling more ergonomically/easily it’s just not been a focus yet. We’ll get there at some point, but it’s not on anyone’s radar just yet.

I’ll go file a ZAC issue for enabling auth policies. ZAC will likely be getting some more work done to it in the coming months but for now, it’ll have to be CLI (or REST API)

Topic		Replies	Views
Unable to add auth policy to ZAC Ziti Administration Console	7	141	April 10, 2023
Ziti cli user question General Questions	1	298	August 25, 2022
OIDC Authentication / SSO Ziti Administration Console	1	165	July 3, 2023
Totally custom, self-maintained PKI Ziti Overlay	6	290	August 25, 2022
Creating Endpoint with your own Certificate Authority Ziti Administration Console	28	923	May 6, 2022

Create and use Authentication Policies in Ziti Console

Related Topics