Identity Enrolment Type UPDB

Not sure what this is… any tips?

How do you use it?

It’s helpful to know where you saw this for me to be able to answer best. Just a pointer is probably all I’d need. It’s useful to me to find out a bit of context, it might change the way I go about answering the question.

This is related to enrollment. Every identity needs to be able to enroll with the OpenZiti controller. Generally speaking, we do this through either one-time tokens (the jwts) or via 3rd party CA. You can read about those on the doc site.

UPDB is effectively the “username password database”. I went hunting through source and the management.yaml file for a bit looking for clues to answer, but I didn’t find any that made me feel like I really understood the need for it. I’ve never used this type of enrollment myself! :slight_smile: I’ll give you my educated guess and then find “the real” answer if I’m wrong.

I expect this allows an identity to be created and subsequently enrolled using nothing but a username and password. Generally speaking, we favor using tokens (JWTs) or 3rd party certs, and since that process is pretty easy, that’s all I’ve ever used myself.

1 Like

sure… I often just play around… and find something new to learn more about.

This time, I was creating an identity manually… and found the UPDB option under identity type… when you select it… it comes up with a UPDB username. I guess it needs to be connected to some type of identity management system

No, it’s for use with OpenZiti. I don’t see a way in the ZAC to set the password of that user. You can explore this in ziti cli with:

ziti edge create authenticator updb -h
Creates a updb authenticator for an identity which will allow the identity to authenticate with a username/password combination. If <password> is omitted it will be prompted for.

  ziti edge create authenticator updb <identityIdOrName> <username> [<password>] [flags]

ziti edge controller create authenticator updb "David Bright" "dbright" "@$yh3Hh3h4"

  -h, --help   help for updb
1 Like

Makes sense now… thanks