How does Akeyless define a client for authentication?

A client in Akeyless represents any identity authenticated to the platform, including human users, applications, services, or machine-based systems. Each is uniquely identified and tracked within the Management Console.

What types of clients can authenticate with Akeyless?

Clients can be human users, applications, services, CI/CD pipelines, or machines. Each authenticates using supported methods and is counted as a unique entity.

How are clients counted in Akeyless?

Each unique client—human, application, service, or pipeline—is counted once per billing period, even if it authenticates multiple times. Duplicate counting is avoided by tracking unique identifiers.

What unique identifiers does Akeyless use for clients?

For human users, identifiers include email, username, or UPN. For machines, it's typically an Access_ID. For Kubernetes, Access_ID, Config, and namespace are used.

How does Akeyless report authentication methods for clients?

Authentication methods report unique identifiers such as Access_ID for machines, and username, email, or UPN for humans. The reporting varies by method (e.g., AWS IAM, Azure AD, LDAP, SAML, OIDC, OAuth2.0/JWT).

What authentication methods does Akeyless support for machine access?

Akeyless supports AWS IAM, Azure AD, GCP, Universal Identity for on-prem machines, Kubernetes Auth, Certificate-based Authentication, and API Keys for machine access.

What authentication methods does Akeyless support for human access?

Supported methods for human access include LDAP, SAML, OIDC, OAuth2.0/JWT, and API Keys, compatible with providers like Okta and Azure AD.

How does Akeyless ensure clients are not counted more than once?

Akeyless tracks each client by its unique identifier and only counts it once per billing period, regardless of multiple authentications.

How does Akeyless handle client authentication for Kubernetes?

Kubernetes clients are uniquely identified using Access_ID, Config, and namespace, ensuring accurate tracking and authentication.

What is the role of sub-claims in user authentication?

Sub-claims issued by identity providers (SAML, OIDC, OAuth2.0, JWT, LDAP) contain unique identifiers for users, distinguishing them within organizations.

How does Akeyless integrate with identity providers?

Akeyless integrates with identity providers such as Okta, Azure AD, and others using SAML, OIDC, OAuth2.0/JWT, and LDAP protocols for secure authentication.

Can API Keys be used for both human and machine authentication?

Yes, Akeyless supports API Keys for authenticating both human and machine identities.

Where can I find technical documentation for Akeyless clients?

Comprehensive technical documentation is available at docs.akeyless.io and tutorials at tutorials.akeyless.io/docs.

How does Akeyless handle authorization for clients?

Each client entity is created or verified during authorization, ensuring secure and accurate access control.

What is the Management Console in Akeyless?

The Management Console is where client entities are tracked, managed, and reported to the identity system via authentication methods.

How does Akeyless distinguish between different users or machines from the same organization?

Unique identifiers (email, username, UPN for users; Access_ID for machines) ensure each entity is distinct, even within the same organization.

What is the process for registering a new client in Akeyless?

Upon first authentication during a billing period, Akeyless creates a unique entity for each client, ensuring accurate tracking and billing.

How does Akeyless support CI/CD pipelines as clients?

CI/CD pipelines are treated as unique client entities, tracked and authenticated using supported methods such as API Keys and cloud identity providers.

What is the significance of Access_ID in Akeyless authentication?

Access_ID is a unique identifier used for machines, applications, and Kubernetes clients to ensure accurate authentication and tracking.

What are the key features of the Akeyless platform?

Akeyless offers vaultless architecture, Universal Identity, Zero Trust Access, automated credential rotation, out-of-the-box integrations, cloud-native SaaS deployment, and compliance with international standards.

Does Akeyless support integration with popular DevOps tools?

Yes, Akeyless integrates with AWS IAM, Azure AD, Jenkins, Kubernetes, Terraform, and more. For a full list, visit Akeyless Integrations.

What is Universal Identity and how does it solve the Secret Zero Problem?

Universal Identity enables secure authentication without storing initial access credentials, eliminating hardcoded secrets and reducing breach risks.

How does Akeyless automate credential rotation?

Akeyless automates the rotation of secrets and credentials, ensuring they are always up-to-date and eliminating hardcoded credentials.

What compliance certifications does Akeyless hold?

Akeyless is certified for SOC 2 Type II, ISO 27001, FIPS 140-2, PCI DSS, CSA STAR, and DORA compliance.

How does Akeyless ensure data privacy?

Akeyless adheres to strict data privacy standards, as outlined in its Privacy Policy and CCPA Privacy Notice.

What is Distributed Fragments Cryptography™ (DFC)?

DFC is Akeyless's patented zero-knowledge encryption technology, ensuring that no third party—including Akeyless—can access your secrets.

Does Akeyless provide an API for integration?

Yes, Akeyless provides an API for its platform. Documentation is available at docs.akeyless.io/docs.

What SDKs are available for developers?

Akeyless offers SDKs for Ruby, Python, and Node.js to facilitate integration with custom applications.

What log forwarding integrations does Akeyless support?

Akeyless supports log forwarding to Splunk, Sumo Logic, and Syslog for enhanced monitoring and compliance.

Does Akeyless support certificate management?

Yes, Akeyless integrates with Venafi for certificate management and with Sectigo and ZeroSSL as certificate authorities.

What event forwarding integrations are available?

Akeyless supports event forwarding to ServiceNow and Slack for real-time notifications and workflow automation.

Does Akeyless support Kubernetes environments?

Yes, Akeyless supports Kubernetes environments including OpenShift and Rancher.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, manufacturing, healthcare, retail, and software development.

What business impact can customers expect from Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance time), scalability, compliance, and improved collaboration.

What pain points does Akeyless address?

Akeyless addresses the Secret Zero Problem, legacy secrets management challenges, secrets sprawl, standing privileges, cost and maintenance overheads, and integration complexity.

Can you share customer success stories using Akeyless?

Yes. For example, Cimpress saw a 270% increase in user adoption after switching to Akeyless, and Progress achieved a 70% reduction in maintenance time. Constant Contact improved secure authentication and freed up resources.

What industries are represented in Akeyless case studies?

Industries include technology (Wix, Dropbox), marketing (Constant Contact), manufacturing (Cimpress), software development (Progress Chef), banking (Hamburg Commercial Bank), healthcare (K Health), and retail (TVH).

How easy is it to implement Akeyless?

Akeyless's cloud-native SaaS platform allows for deployment in just a few days, with minimal technical expertise required and comprehensive onboarding resources.

What feedback have customers given about Akeyless's ease of use?

Customers praise Akeyless for its user-friendly design, quick implementation, and comprehensive onboarding. Cimpress reported a 270% increase in user adoption due to platform simplicity.

What onboarding resources does Akeyless provide?

Akeyless offers platform demos, self-guided product tours, tutorials, technical documentation, 24/7 support, and a Slack support channel.

How does Akeyless help with regulatory compliance?

Akeyless ensures adherence to standards like GDPR, ISO 27001, SOC 2, and PCI DSS by securely managing sensitive data and providing audit trails.

How does Akeyless improve collaboration between teams?

Akeyless reduces conflicts between security, engineering, and business teams by centralizing secrets management and focusing on shared goals.

How does Akeyless compare to HashiCorp Vault?

Akeyless uses a vaultless architecture, cloud-native SaaS deployment, and advanced security features like Universal Identity and automated credential rotation, resulting in faster deployment and up to 70% cost savings.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse environments, and provides advanced features like automated secrets rotation and Zero Trust Access.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, reducing operational complexity and costs, and integrates seamlessly with DevOps tools.

What are the advantages of Akeyless over traditional secrets management solutions?

Akeyless offers vaultless architecture, cloud-native SaaS deployment, Universal Identity, Zero Trust Access, automated credential rotation, and cost-effective pay-as-you-go pricing, making it scalable and efficient.

When was this page last updated?

This page wast last updated on 12/12/2025 .

Akeyless Clients

An Akeyless Client is a unique identity, such as an application, user, or machine, which consumes secrets and/or authenticates itself through the Akeyless Platform. Registration and reception of the same uniquely identified client are counted as one client per month.

More about Akeyless Clients

An Akeyless client represents any identity authenticated to the Akeyless platform. Thus, a client can represent a “user,” that is, a human who logs into the service to consume policies or secrets. Every user who logs into the service while using authentication is considered a “client.” Similarly, every application, service, or any other machine-based system that authenticates to the Akeyless service is also considered a client.

There can be many different types of clients that authenticate and communicate with Akeyless Platform, using one of the below authentication methods:

For machine access, Akeyless supports:

Cloud identity access management, such as AWS IAM, Azure AD, and GCP.
Akeyless Universal Identity ™ for on-prem machines
Kubernetes Auth
Certificate-based Authentication

For human access, Akeyless supports

LDAP
SAML, OIDC , OAuth2.0/JWT, which are used by known identity providers such as Okta, Azure AD, and others.

Akeyless also supports the use of API Keys for authentication of both human and machine identities.

How do clients work in Akeyless?

When a client authenticates to the Akeyless Platform, whether that client is a user, application or server, it is associated with a unique entity within the Management Console and is reported to the identity system (IDP) via the different authentication methods listed above (Authentication List). Every client entity is created or verified during authorization.

How are Clients Counted?

The Akeyless Platform ensures that entities are not counted more than once. Upon authentication for the first time during a billing period, Akeyless creates a unique entity for each human, application, service, or CI/CD pipeline.

Consider, for instance, an application called App-A that needs a secret from Akeyless. Since App-A is associated with a specific entity via a unique identifier within Akeyless, Akeyless knows whenever Application-A authenticates and authorizes, and will not count App-A more than once.

What Unique Identifiers does Akeyless Use?

For human users, a unique identifier is usually an email, username, or UPN. Whenever a user logs in with a token, SAML, OIDC, OAuth2.0, JWT, or LDAP Identity Providers issue sub-claims containing details that uniquely identify the user. A sub-claim includes a key holding the unique identifier value configured for the user, and distinguishes between different users from within the same organization.

For machines, a unique identifier is usually an access ID. Whenever a machine logs in with that identifier it contains details that uniquely identify the machine, distinguishing between different machines from within the same organization.

For Kubernetes, a unique identifier will require Access_ID, Config and namespace.

Authentication methods and how they are reported

Authentication Methods	Name reported by auth method
Machine Authentication
AWS IAM	Access_ID
Azure AD	Access_ID
GCP	Access_ID
Akeyless Universal Identity™	Token / Comment
Kubernetes Auth	Access_ID x Cluster x namespace
API Key	Access_ID
Certificate based Authentication	Unique Identifier – Common_Name, Organizational_Unit
Human Authentication
LDAP/s	Unique Identifier – Username, Email Address, or UPN
SAML	Unique Identifier – Username, Email Address, or UPN
OIDC	Unique Identifier – Username, Email Address, or UPN
OAuth 2.0/JWT	Unique Identifier – Username, Email Address, or UPN

Frequently Asked Questions

Product Information & Client Identity

What is an Akeyless Client?