Authentication Strategies

Choosing and configuring the appropriate authentication strategy.

Kiali supports five authentication mechanisms.

  • The default authentication strategy for OpenShift clusters is openshift.
  • The default authentication strategy for all other Kubernetes clusters is token.

All mechanisms other than anonymous support limiting per-user namespace access control.

For multi-cluster, only anonymous and openid are currently supported.

Read the dedicated page of each authentication strategy to learn more.


Anonymous strategy

Access Kiali with no authentication.

Header strategy

Run Kiali behind a reverse proxy responsible for injecting the user’s token, or a token with impersonation.

OpenID Connect strategy

Access Kiali requiring authentication through a third-party OpenID Connect provider.

OpenShift strategy

Access Kiali requiring OpenShift authentication.

Token strategy

Access Kiali requiring a Kubernetes ServiceAccount token.

Session options

Session timeout and signing key configuration