Skip to content

|

Docs
Plugin Hub
Support
Community
Kong Academy

Get a Demo Start Free Trial

Konnect Dev Portal
Portals
Settings
Security Settings

Edit this page

Report an issue

Kong Gateway
Kong Konnect
Kong Mesh
Kong AI Gateway
Plugin Hub
decK
Kong Ingress Controller
Kong Gateway Operator
Insomnia
Kuma

Docs contribution guidelines

Portals
- Overview
- Customization
- Publishing APIs
- Settings
- Audit Logs
APIs
Access and Approvals
Application Registration
- Overview
- Auth Strategies
  - Key Auth
  - OIDC
    - Overview
    - DCR
      - Overview

Switch to OSS

On this page

Default Visibility
User Authentication
Identity Providers
Developer & Application Approvals
- Auto approve developers
- Auto approve applications
Role-Based Access Control
Authentication Strategy / Creating API Keys
- Default application authentication strategy
User Authentication & Role-Based Access Control (RBAC)
Identity Providers (IdP)

Security Settings

Security settings allow for visibility and access control around Developers accessing your Dev Portal.

To adjust security settings for Dev Portal admin/users, see Konnect Organization settings.

Default Visibility

When new APIs or Pages are created, the specified default Visibility will be used. When publishing these items, these defaults can be changed as well.

Private: Registered and approved Developer must be logged into to view the asset
Public: Visible to anonymous users browsing the Dev Portal

Changing the default Visibility only affects new APIs or Pages. It does not retroactively change the visibility of existing APIs or Pages.

User Authentication

Enabling User Authentication will allow anonymous users browsing the portal to register for a Developer account.

User Authentication must be enabled to configure any further settings related to Identity Providers, RBAC, Developer & Application registration, or specifying Application Auth Strategies.

Identity Providers

Identity Providers (IdP) manage authentication of Developers signing into the Dev Portal.

Konnect’s Built-in authentication provider is used by default. This will generate API keys for Developers.

OIDC or SAML providers can be configured as an integrated IdP provider.

Learn more about configuring IdPs in Enable Self-Service Developer & Application Registration

Developer & Application Approvals

An API must be linked to a Konnect Gateway Service (version 3.6+) to be able to restrict access to your API with Authentication Strategies.

Registration of Developer accounts and creation of Applications both require approval by portal admins by default. These approvals are managed in Access and Approvals.

Auto approve developers

Enabled: anyone can sign up for a Developer account without any further approval process.
Disabled: portal admins will have to approve any new signup in Access and Approvals.

Auto approve applications

Enabled: When any approved Developer creates an Application, it will be automatically approved and created.
- Once an application is approved, the Developer will be able to use it to create API Keys.
Disable: portal admins will have to approve any new Applications in Access and Approvals before a Developer can create API Keys.

Role-Based Access Control

When RBAC is enabled for a Portal, the option to configure API access policies for Developers will be available when publishing the API to a portal. Otherwise, any logged in Developer can see any published API that is set to Visibility: public.

Authentication Strategy / Creating API Keys

An API must be linked to a Konnect Gateway Service (version 3.6+) to be able to restrict access to your API with Authentication Strategies.

Authentication strategies determine how published APIs are authenticated, and how Developers create API Keys.

Authentication strategies automatically configure the Konnect Gateway service by enabling the Konnect Application Auth (KAA) plugin on the Gateway service linked to the API. The KAA plugin can only be configured from the associated Dev Portal and not the Konnect Gateway Manager.

Default application authentication strategy

Determines the default authentication strategy applied to an API as it is published to a portal. Changing this default will not retroactively change any previously published APIs.

To create a new Application Authentication Strategy, see Application Auth

Authentication strategy only affects the hosted service and does not affect developers browsing the portal from viewing APIs. To change visibility of APIs in the portal, see Default Visibility and Role-based access control.

User Authentication & Role-Based Access Control (RBAC)

Enabling User Authentication will allow anonymous users browsing the portal to register Developer accounts. User Authentication must be enabled to configure any further settings related to Identity Providers, or Developers creating and registering Applications or issuing API Keys.

Identity Providers (IdP)

Identity Providers handle authentication of Developers signing into the Dev Portal. Konnect’s Built-in authentication provider, key auth, is used by default. OIDC or SAML providers can be configured as an integrated IdP provider.

To setup security for Dev Portal admin/users, see Konnect Organization settings

Thank you for your feedback.

Was this page useful?

Too much on your plate?

More features, less infrastructure with Kong Konnect. 1M requests per month for free.

Try it for Free

Powering the API world

Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.
- Products
- Documentation
- Open Source
- Company
  - About Kong
  - Customers
  - Careers
  - Press
  - Events
  - Contact

Terms• Privacy• Trust and Compliance