Skip to content
Kong Logo | Kong Docs Logo
search
  • Docs
    • Explore the API Specs
      View all API Specs View all API Specs View all API Specs arrow image
    • Documentation
      API Specs
      Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Kong Gateway Operator
      Manage your Kong deployments on Kubernetes using YAML Manifests
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Gateway
3.0.x
  • Home icon
  • Kong Gateway
  • Kong Manager
  • Authentication and Authorization
  • Rbac
  • Invite an Admin
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Kong Gateway Operator
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.5.x (latest)
  • 3.4.x
  • 3.3.x
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Archive (pre-2.6)
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Prerequisites
  • Invite an admin
  • Copy and send a registration link
  • Grant an admin access with LDAP
You are browsing documentation for an outdated version. See the latest documentation here.

Invite an Admin

An admin is any user in Kong Manager. They may access Kong entities within their assigned workspaces based on the permissions of their roles.

This guide describes how to invite an admin in Kong Manager. As an alternative, if a super admin wants to invite an admin with the Admin API, it is possible to do so using /admins.

Prerequisites

  • Authentication and RBAC are enabled
  • You have super admin permissions or a user that has /admins and /rbac read and write access

Invite an admin

  1. Navigate to the Teams page in Kong Manager.

  2. From the Admins tab, select Invite Admin.

  3. Fill out the username and email address. When a new admin receives an invitation, they will only be able to log in with that email address. Assign any appropriate roles and click Invite Admin to send the invitation.

    Super admins can invite users to multiple workspaces, and assign them any role available within workspaces, including roles that exist by default (for example, super-admin, read-only) and roles with customized permissions.

    The super admin can see all available roles across workspaces on the Roles tab of the Teams page.

  4. On the Teams page, the new invitee will appear on the Admins list in the Invited section. Once they accept the invitation, the user will be listed in the main Admins list.

    By default, the registration link will expire after 259,200 seconds (3 days). This time frame can be configured in the kong.conf file using the admin_invitation_expiry property.

    If an email fails to send, either due to an incorrect email address or an external error, you can resend the invitation.

    If SMTP is not enabled or the invitation email fails to send, the super admin can copy and provide a registration link directly.

  5. The newly invited admin will have the ability to set a password. If the admin ever forgets the password, they can reset it through a recovery email.

Copy and send a registration link

If a mail server is not yet set up, it is still possible to invite admins to register and log in.

  1. Invite an admin as described in the section above.

  2. Open the admin’s info page. Next to register_url, click the Generate registration link button.

    Copy and directly send this link to the invited admin so that they may set up their credentials and log in.

If admin_gui_auth is ldap-auth-advanced, credentials are not stored in Kong, and the admin will be directed to log in.

Grant an admin access with LDAP

  1. Pick a user in the LDAP directory that will be the super admin.

  2. Change the super admin’s username in Kong by making a PATCH request to admins/kong_admin and setting the value of username to the corresponding LDAP attribute.

    For example, if the LDAP user’s attribute is einstein, the PATCH to /admins/kong_admin should have a username set to einstein.

  3. Log in to Kong Manager using the LDAP credentials associated with the super admin.

  4. Invite admins from the Admins page in Kong Manager, ensuring that the username of each Admin is mapped to the attribute value set in the LDAP directory.

    To enable the admins to log in, it is still necessary to assign a role to them.

  5. Once an admin has logged in successfully and accesses the Admin API using their LDAP credentials, they will be marked as approved on the Admins list in Kong Manager.

    The new admins will still receive an email, but all credentials will be handled through the LDAP server, not Kong Manager or the Admin API.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    Powering the API world

    Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

    • Products
      • Kong Konnect
      • Kong Gateway Enterprise
      • Kong Gateway
      • Kong Mesh
      • Kong Ingress Controller
      • Kong Insomnia
      • Product Updates
      • Get Started
    • Documentation
      • Kong Konnect Docs
      • Kong Gateway Docs
      • Kong Gateway Enterprise Docs
      • Kong Mesh Docs
      • Kong Insomnia Docs
      • Kong Konnect Plugin Hub
    • Open Source
      • Kong Gateway
      • Kuma
      • Insomnia
      • Kong Community
    • Company
      • About Kong
      • Customers
      • Careers
      • Press
      • Events
      • Contact
  • Terms• Privacy• Trust and Compliance
© Kong Inc. 2023