Skip to main content

Understanding Access Control

Backends

A backend is a Knocknoc supported technology that it can connect to toand update and ACL.ACLs. Using the flexible scripting backend, nearly any type of technology is supported. Because the backend technology is connected to via the agent, the scripting can be easily customised to suit your environment. 

ACL

An ACL or Access Control List is a named list of IP addresses. This is updated by the backend using either native support (eg HAproxy) or via a script. The script takes the IP and ACL name as an argument,argument and updates the backend configuration. It needs to support add and revoke, and ideally be idempotent.

GroupGroups

A group contains a list of ACLs and a list of Users that can use thatthose ACL.ACLs. Groups provided by SAML need to match the Knocknoc group name, and the ACLs selected for that group will apply.