The most recent patch for this version is 26.1.3.  Learn more  

Skip to main content

Remote endpoint management

Remote endpoint management enables Authorization Hub to securely connect to external authorization services at runtime. Credentials are centrally managed, securely stored, and can be updated without requiring a redeployment.

CAQ endpoints for Policy insights

Authorization Hub uses remote endpoints to power Policy insights. It connects to a Contextual Authorization Query (CAQ) endpoint to evaluate policies and generate access review reports on demand.

This configuration is optional and can be added at any time. To configure your remote endpoints, follow these steps:

  1. Create a file called endpoints.yaml and store it in the configurations directory.

  2. Provide the required endpoint definitions. For example:

    endpoints:
      - name: caq-dev
        projectId: "e00f12c8-8f3a-40ac-81a7-5a762abc7288"
        description: "CAQ Development Environment"
        url: https://endpoint1.example.com
        auth:
          method: OAUTH2
          clientId: my-client
          clientSecret: my-secret
          tokenUri: "https://auth.example.com/token"
          scope: [ "read", "write" ]
      - name: caq-e2e
        projectId: "e00f12c8-8f3a-40ac-81a7-5a762abc7288"
        description: "CAQ End-to-End Environment"
        url: https://endpoint2.example.com
        auth:
          method: BASIC
          username: user
          password: pass
    note

    Endpoints are scoped to a project through the projectId parameter, enabling Policy insights users to run reports using the associated CAQ endpoint. The relevant description values will appear in the Environment dropdown on the Reports page.

    tip

    To retrieve the projectId, open the relevant project and extract the ID from the URL. For example, in https://sample.hub.domain/projects/e00f12c8-8f3a-40ac-81a7-5a762abc7288/dashboard, the project ID is e00f12c8-8f3a-40ac-81a7-5a762abc7288.

  3. Navigate to kubernetes/charts and run a Helm upgrade:

    helm upgrade hub \
    -f hub/values.yaml hub \
    --set registry=748131003707.dkr.ecr.eu-central-1.amazonaws.com/axiomatics/ \
    --set hubHostname=$CHANGE_ME \
    --set 'imagePullSecrets[0].name=regcred'

    The Helm chart creates a Kubernetes secret from this file. The application automatically detects changes to the secret without requiring a pod restart.

Update endpoints

To update the endpoints list, modify the configurations/endpoints.yaml file and perform a Helm upgrade.