You can manage the access of machine identities using the access controls described below.
See the Quickstart for how to integrate your workload with MIM services.
A Tag is an arbitrary string with no metadata or ID, used to manage access to secrets. Tags are attached to entities in a one-to-many association: a single Ticket, Secret, or Workload can carry several Tags, and every entity carries at least one. A Workload can retrieve a Secret's value only if the Client is associated with every Tag the Secret is associated with.
A Role is a system-assigned permission for the ticket. For example, it determines whether the ticket can be used to register a client as a Ticket Factory (which can issue tickets to enroll new clients ad hoc). This role is assigned by selecting the Orchestrator role.
To access or use an entity, a Workload must authenticate from an IP address that falls within at least one of the Network Access Ranges associated with the entity.
An entity cannot be used or accessed past its expiration date.
The activation status is one of Active, Deactivated, or Expired. Entities are created as Active by default, but their activation status can be changed manually at any point. Deactivated entities cannot be used or accessed until they are reactivated.
For a Ticket, this defines an upper limit on the time from a Workload authenticating with this Ticket until that authenticated session expires.
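The following is an added example, not code from MIM itself, that evaluates the controls above (activation status, expiration date, Network Access Ranges, and the every-tag rule for Secrets) in one decision function; the `Entity` data class, the sample Secret and IP addresses are constructed here, and the rule that a session ends at the earlier of "authentication time plus the Ticket's session limit" and the Ticket's own expiration is an assumption drawn from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress


@dataclass(frozen=True)
class Entity:
    """Hypothetical model of the controls shared by Ticket/Secret/Workload."""
    tags: frozenset            # at least one Tag per entity
    network_ranges: tuple      # CIDR strings, the Network Access Ranges
    expires_at: datetime       # expiration date (timezone-aware)
    status: str = "Active"     # Active / Deactivated / Expired


def entity_usable(entity: Entity, client_ip: str, now: datetime) -> bool:
    """Status, expiration and network checks that apply to every entity."""
    if entity.status != "Active":          # Deactivated or Expired entities are unusable
        return False
    if now >= entity.expires_at:           # cannot be used past the expiration date
        return False
    ip = ipaddress.ip_address(client_ip)   # raises ValueError on a malformed address
    return any(ip in ipaddress.ip_network(r, strict=False) for r in entity.network_ranges)


def can_read_secret(workload_tags: frozenset, secret: Entity, client_ip: str, now: datetime) -> bool:
    """Tag rule: the Workload must hold EVERY Tag the Secret carries (superset check)."""
    return entity_usable(secret, client_ip, now) and secret.tags <= workload_tags


def session_expiry(auth_time: datetime, max_session: timedelta, ticket: Entity) -> datetime:
    """Assumed rule: a session ends at the earlier of auth + limit and the Ticket's expiration."""
    return min(auth_time + max_session, ticket.expires_at)


# Constructed sample data
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SECRET = Entity(tags=frozenset({"prod", "db"}), network_ranges=("10.0.0.0/8",),
                expires_at=NOW + timedelta(days=1))
TICKET = Entity(tags=frozenset({"prod"}), network_ranges=("10.0.0.0/8",),
                expires_at=NOW + timedelta(hours=2))


def demo() -> dict:
    """Decisions for a few representative requests against SECRET/TICKET."""
    return {
        "all_tags_in_range": can_read_secret(frozenset({"prod", "db", "eu"}), SECRET, "10.1.2.3", NOW),
        "missing_tag": can_read_secret(frozenset({"prod"}), SECRET, "10.1.2.3", NOW),
        "outside_range": can_read_secret(frozenset({"prod", "db"}), SECRET, "192.168.1.1", NOW),
        "after_expiry": can_read_secret(frozenset({"prod", "db"}), SECRET, "10.1.2.3", NOW + timedelta(days=2)),
        "session_capped_by_ticket": session_expiry(NOW, timedelta(hours=8), TICKET) == TICKET.expires_at,
    }
```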