Skip to main content

Understanding Access Control

Backends

A backend is a Knocknoc Knocknoc-supported technology that it can connect to and update ACLs. Using the flexible scripting backend, nearly any type of technology is supported. Because the backend technology is connected to Knocknoc via the agent, the scripting can easily be easily customised to suit your environment.environment's needs. 

ACL

An ACL or Access Control List is a named list of IP addresses. This is updated by the backend using either native support (eg HAproxy)HAProxy) or via a script. The script takes the IP and ACL name as an argument and updates the backend configuration. It needs to support add"add" and revoke,"revoke", and ideally be idempotent.

Groups

A group contains a list of ACLs and a list of Users that can useaccess those ACLs. Groups provided by SAML need to match the Knocknoc group name, and the ACLs selected for that group will apply.