Remote Identities

Last modified on February 3, 2023

Remote Identities enable your organization’s users to authenticate to SSH or Kubernetes resources using their own individual identifier rather than a leased credential.

A Remote Identity is like a username, profile, or alias that is unique to an individual user or service account. When logging in to a server via an SSH client, for example, you typically log in with credentials that are not shared with anyone else. Moreover, your individual activities are written to the resource’s native logs under your username.

A leased credential is shared across multiple users and service accounts. In a StrongDM organization that uses the leased credential method of authentication, all users authenticate with the same leased credential in order to access the resources that have been granted to their assigned role(s). Individual activities are written to the organization’s logs.

Leased credentials are the default way to access SSH or Kubernetes resources, but they are no longer the only way. Now you have the flexibility to authenticate to SSH or Kubernetes resources with either leased credentials or Remote Identities.

The option to authenticate with Remote Identities is available for the following resource types only:

  • SSH (Certificate Based) server
  • AKS cluster
  • AKS (Service Account) cluster
  • Elastic Kubernetes Service cluster
  • Elastic Kubernetes Service (Service Account) cluster
  • Google Kubernetes Engine cluster
  • Kubernetes cluster
  • Kubernetes (Service Account) cluster

For help setting up Remote Identities, see Remote Identity for SSH and Remote Identity for Kubernetes.