Skip to main content

Allowlist

Unlike most other types of Knocknoc backends that require the Knocknoc agent to actively push grants into the target system, the Allowlist backend simply publishes a list of active grants via the API.

Pros
  • Does not require a Knocknoc agent.
  • Provides an additional option for custom integrations.
Cons
  • Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
  • We rely on appliances/clients to poll for allowlist updates, so they are potentially slower.
  • Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.
Usage
  1. Add an API key with scope allowlists.read.
  2. Add a backend of type "Allowlist".
  3. Add an ACL and select your new allowlist backend.
  4. Copy the provided URL. This is where your allowlist grants will be published. The URL is in format https://example.knoc.cloud/api/v1/allowlists/<aclId>/<token>
  5. Optionally you may enable http basic authentication on the URL.

The Allowlist backend is available in Knocknoc v5.2.

Back to top