In Akeyless, is it possible to assign unique secrets to SAML-authenticated users based off of ABAC/sub-claim?
For example:
Let's say I have SAML auth users, Jon Smith and Patty Smith. I want to generate an RSA key pair that is unique to each user based on only a sub-claim of email='[email protected]
Thank you!
In Akeyless, you can grant a user or group, using a valid auth method that supports those params, any kind of permission level, even to a specific file/folder. This can be done either via the UI under the Access Roles section, or even via the CLI, if you have configured it, e.g., creating the role:

akeyless create-role --name test-role

Associate this role with a specific user using email as his sub-claim:

akeyless assoc-role-am --role-name test-role --am-name saml-test-auth-method --sub-claims [email protected]

And then specify to which path you would like to grant permission within this role:

akeyless set-role-rule --role-name test-role --path /path/to/specific/secret --capability read
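The three commands above cover one role for one user. The following is an added example, not part of the original answer and not Akeyless's own code: it repeats them per user as a dry run, printing one role per email with each role limited to that user's own folder. The `/users` base path, the `user-role-` prefix, the `email=<address>` sub-claim form, the trailing `/*` on the path, and the example.com addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Dry run: prints the akeyless commands, runs none of them.
AUTH_METHOD="saml-test-auth-method"   # auth method name used in the answer
BASE_PATH="/users"                    # assumed parent folder for per-user secrets

# Turn an email into an identifier safe for role names and paths.
# Anything that is not a plain address is rejected, so a crafted value
# cannot add shell syntax, options, wildcards or extra path segments.
# Distinct addresses can map to the same id (e.g. "a_b@c" and "a@b_c").
safe_id() {
    case "$1" in
        ""|-*|*..*|*[!A-Za-z0-9@._-]*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    printf '%s' "$1" | tr '@.' '__' | tr 'A-Z' 'a-z'
}

# Print the role, association and rule commands for one user.
emit_user_role() {
    email=$1
    id=$(safe_id "$email") || { echo "skip: invalid email: $email" >&2; return 1; }
    role="user-role-$id"
    echo "akeyless create-role --name $role"
    echo "akeyless assoc-role-am --role-name $role --am-name $AUTH_METHOD --sub-claims email=$email"
    # Quote the path so the shell does not expand the wildcard when pasted.
    echo "akeyless set-role-rule --role-name $role --path '$BASE_PATH/$id/*' --capability read"
}

# Constructed sample users (addresses are placeholders).
for u in jon.smith@example.com patty.smith@example.com; do
    emit_user_role "$u"
done
```

Review the printed commands before running them; each user's key pair would then be stored under that user's folder, which only the matching sub-claim can read.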