What is an Akeyless Client?

An Akeyless Client is a unique identity—such as an application, user, or machine—that consumes secrets and/or authenticates itself through the Akeyless Platform. Each client is counted as one unique entity per month, regardless of how many times it authenticates. Clients can be human users, applications, services, or machine-based systems.

How does Akeyless count clients?

Akeyless counts each unique entity (human, application, service, or CI/CD pipeline) only once per billing period. For example, if an application called App-A authenticates multiple times, it is counted as a single client for that month. This ensures accurate billing and avoids duplicate counts.

What unique identifiers does Akeyless use for clients?

For human users, Akeyless uses identifiers such as email, username, or UPN. For machines, it uses an Access_ID. For Kubernetes, the identifier includes Access_ID, Config, and namespace. These identifiers ensure each client is uniquely recognized and counted.

What authentication methods does Akeyless support for clients?

Akeyless supports a wide range of authentication methods for both human and machine identities, including AWS IAM, Azure AD, GCP, Akeyless Universal Identity™, Kubernetes Auth, Certificate-based Authentication, LDAP, SAML, OIDC, OAuth2.0/JWT, and API Keys. Each method reports a unique identifier for the client.

What are the key features of Akeyless?

Akeyless offers centralized secrets management, encryption and key management, certificate lifecycle management, modern Privileged Access Management (PAM), multi-vault governance, secure remote access, and out-of-the-box integrations with popular tools. Key differentiators include Vaultless Architecture, Universal Identity, Zero Trust Access, automated credential rotation, and a cloud-native SaaS platform.

What integrations does Akeyless support?

Akeyless supports integrations with identity providers (Akeyless OIDC, Okta SAML/OIDC, Ping Identity), configuration management tools (Ansible, Chef, Puppet, SaltStack), dynamic secrets (Artifactory, AWS, Azure AD, Cassandra, OracleDB, PostgreSQL, Redis), authentication methods (Auth0, AWS IAM, Azure AD OIDC/SAML), key management (AWS KMS, Azure KMS, Salesforce Shield), log forwarding (AWS S3, Azure Log Analytics, Splunk, Sumo Logic, Syslog), CI/CD tools (Jenkins, TeamCity, Azure DevOps, Terraform), certificate management (Cert Manager, Venafi, ZeroSSL), SDKs (Python, Ruby, C# .NET Core), telemetry (Prometheus), and event forwarding (ServiceNow, Slack).

Does Akeyless provide an API?

Yes, Akeyless provides a comprehensive API for its platform, including support for API Keys for authentication. API documentation is available at docs.akeyless.io/docs.

What security and compliance certifications does Akeyless have?

Akeyless holds certifications including ISO 27001, SOC 2 Type II, FIPS 140-2, PCI DSS, and CSA STAR. These certifications demonstrate robust security and regulatory compliance for industries such as finance, healthcare, and critical infrastructure.

How does Akeyless ensure data protection and security?

Akeyless uses patented encryption technologies to secure data in transit and at rest. The platform enforces Zero Trust Access with granular permissions and Just-in-Time access, minimizing standing privileges. Audit and reporting tools track every secret for compliance.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Companies like Wix, Dropbox, Progress, and Cimpress have adopted Akeyless for centralized secrets management and Zero Trust Access.

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability for multi-cloud environments, and improved compliance. Employees benefit from reduced security tasks and increased productivity.

Can you share specific case studies or customer success stories?

Yes. Constant Contact scaled in a multi-cloud, multi-team environment using Akeyless (case study). Cimpress transitioned from Hashi Vault to Akeyless for enhanced security and seamless integration (case study). Progress saved 70% of maintenance and provisioning time (case study). Wix adopted Akeyless for centralized secrets management and Zero Trust Access (video).

What core problems does Akeyless solve?

Akeyless addresses the Secret Zero Problem (secure authentication without storing initial access credentials), legacy secrets management challenges, secrets sprawl, standing privileges and access risks, cost and maintenance overheads, and integration challenges. These are solved through Universal Identity, Zero Trust Access, automated credential rotation, and centralized management.

What pain points do Akeyless customers commonly express?

Customers often face issues with securely authenticating without storing initial credentials (Secret Zero Problem), inefficiencies with legacy secrets management tools, secrets sprawl, excessive access privileges, high operational costs, and integration complexity. Akeyless addresses these with modern, cloud-native solutions and out-of-the-box integrations.

How long does it take to implement Akeyless and how easy is it to start?

Akeyless can be deployed in just a few days due to its SaaS-native architecture. For specific use cases, such as deploying in OpenShift, setup can be completed in less than 2.5 minutes. Getting started is simple with self-guided product tours, platform demos, tutorials, and 24/7 support.

What training and technical support is available for Akeyless customers?

Akeyless provides self-guided product tours, platform demos, tutorials, comprehensive technical documentation, 24/7 support via ticket or email, and a Slack support channel. Proactive assistance is available for upgrades and troubleshooting.

How does Akeyless handle maintenance, upgrades, and troubleshooting?

Akeyless offers 24/7 customer support for maintenance, upgrades, and troubleshooting. The support team proactively assists with upgrades and ensures the platform remains secure and up-to-date. Extensive technical documentation and tutorials are available to help customers resolve issues.

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a Vaultless Architecture, eliminating the need for heavy infrastructure and reducing costs and complexity. It provides advanced security features like Universal Identity and Zero Trust Access, and is delivered as a cloud-native SaaS platform for faster deployment and easier scalability.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse environments, and provides advanced features like Universal Identity and Zero Trust Access. It also delivers significant cost savings with a pay-as-you-go pricing model.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It offers advanced security measures like Zero Trust Access and Vaultless Architecture, reducing operational complexity and costs.

What feedback have customers shared about the ease of use of Akeyless?

Customers have praised Akeyless for its user-friendly design and seamless integration. For example, Conor Mancone (Cimpress) noted, 'We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation or leakage. It’s been a really smooth, really easy process.' Shai Ganny (Wix) said, 'The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely.' Adam Hanson (Constant Contact) highlighted its scalability and cloud-first approach.

Akeyless Clients

An Akeyless Client is a unique identity, such as an application, user, or machine, which consumes secrets and/or authenticates itself through the Akeyless Platform. Registration and reception of the same uniquely identified client are counted as one client per month.

More about Akeyless Clients

An Akeyless client represents any identity authenticated to the Akeyless platform. Thus, a client can represent a “user,” that is, a human who logs into the service to consume policies or secrets. Every user who logs into the service while using authentication is considered a “client.” Similarly, every application, service, or any other machine-based system that authenticates to the Akeyless service is also considered a client.

There can be many different types of clients that authenticate and communicate with Akeyless Platform, using one of the below authentication methods:

For machine access, Akeyless supports:

Cloud identity access management, such as AWS IAM, Azure AD, and GCP.
Akeyless Universal Identity ™ for on-prem machines
Kubernetes Auth
Certificate-based Authentication

For human access, Akeyless supports

LDAP
SAML, OIDC , OAuth2.0/JWT, which are used by known identity providers such as Okta, Azure AD, and others.

Akeyless also supports the use of API Keys for authentication of both human and machine identities.

How do clients work in Akeyless?

When a client authenticates to the Akeyless Platform, whether that client is a user, application or server, it is associated with a unique entity within the Management Console and is reported to the identity system (IDP) via the different authentication methods listed above (Authentication List). Every client entity is created or verified during authorization.

How are Clients Counted?

The Akeyless Platform ensures that entities are not counted more than once. Upon authentication for the first time during a billing period, Akeyless creates a unique entity for each human, application, service, or CI/CD pipeline.

Consider, for instance, an application called App-A that needs a secret from Akeyless. Since App-A is associated with a specific entity via a unique identifier within Akeyless, Akeyless knows whenever Application-A authenticates and authorizes, and will not count App-A more than once.

What Unique Identifiers does Akeyless Use?

For human users, a unique identifier is usually an email, username, or UPN. Whenever a user logs in with a token, SAML, OIDC, OAuth2.0, JWT, or LDAP Identity Providers issue sub-claims containing details that uniquely identify the user. A sub-claim includes a key holding the unique identifier value configured for the user, and distinguishes between different users from within the same organization.

For machines, a unique identifier is usually an access ID. Whenever a machine logs in with that identifier it contains details that uniquely identify the machine, distinguishing between different machines from within the same organization.

For Kubernetes, a unique identifier will require Access_ID, Config and namespace.

Authentication methods and how they are reported

Authentication Methods	Name reported by auth method
Machine Authentication
AWS IAM	Access_ID
Azure AD	Access_ID
GCP	Access_ID
Akeyless Universal Identity™	Token / Comment
Kubernetes Auth	Access_ID x Cluster x namespace
API Key	Access_ID
Certificate based Authentication	Unique Identifier – Common_Name, Organizational_Unit
Human Authentication
LDAP/s	Unique Identifier – Username, Email Address, or UPN
SAML	Unique Identifier – Username, Email Address, or UPN
OIDC	Unique Identifier – Username, Email Address, or UPN
OAuth 2.0/JWT	Unique Identifier – Username, Email Address, or UPN