Concept

A user identity (also known as user) represents a developer, admin, or any other human entity interacting with resources in Infisical.

Users can be added manually (through Web UI) or programmatically (e.g., API) to organizations and projects.

Upon being added to an organization and projects, users assume a certain set of roles and permissions that represents their identity.

Authentication methods

To interact with various resources in Infisical, users are able to utilize a number of authentication methods:

  • Email & Password: the most common authentication method that is used for authentication into Web Dashboard and Infisical CLI. It is recommended to utilize Multi-factor Authentication in addition to it.
  • Service Tokens: Service tokens allow users authenticate into CLI and other clients under their own identity. For the majority of use cases, it is not a recommended approach. Instead, it is often a good idea to utilize Machine Identities with Universal Authentication.
  • SSO: Infisical natively integrates with a number of SSO identity providers like Google, GitHub, and GitLab.
  • SAML SSO: It is also possible to set up SAML SSO integration with identity providers like Okta, Microsoft Entra ID (formerly known as Azure AD), JumpCloud, Google, and more.
  • LDAP: For organizations with more advanced needs, Infisical also provides user authentication with LDAP that includes a number of LDAP providers.