Understanding Access Control

Backends

A backend is a Knocknoc-supported technology that can connect to and update ACLs. Using the flexible scripting backend, nearly any type of technology is supported. Because the backend technology is connected to Knocknoc via the agent, the scripting can easily be customised to suit your environment's needs. More "native" support for various backends is being added all the time. 

ACL

An ACL, or Access Control List, is a named list of IP addresses. The list is updated by the backend, using either native support (e.g. HAProxy) or a script. The script takes the IP and ACL name as arguments and updates the backend configuration. It needs to support "add" and "revoke", and should ideally be idempotent.
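A sketch of what such an add/revoke script can look like, as an added example rather than Knocknoc's own code. The argument order (`action acl ip`), the IPv4-only check, the `ACL_DIR` location and the function names are assumptions made for illustration; the real calling convention comes from your agent configuration.

```shell
#!/bin/sh
# Added example: idempotent add/revoke for a file-backed ACL (one IP per line).
# Assumptions (not from the Knocknoc docs): argument order "action acl ip",
# IPv4 only, and ACL files stored as $ACL_DIR/<acl>.list.
ACL_DIR="${ACL_DIR:-/tmp/knocknoc-example-acls}"

valid_acl_name() {   # letters, digits, _ and - only, so no ../ path tricks
  case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

acl_update() {   # usage: acl_update add|revoke <acl> <ip>
  action=$1 acl=$2 ip=$3
  case "$action" in add|revoke) ;; *) echo "action must be add or revoke" >&2; return 2 ;; esac
  valid_acl_name "$acl" || { echo "bad ACL name" >&2; return 2; }
  valid_ipv4 "$ip"      || { echo "bad IP address" >&2; return 2; }
  file="$ACL_DIR/$acl.list"; tmp="$file.tmp.$$"
  mkdir -p "$ACL_DIR" && touch "$file" || return 1
  case "$action" in
    add)     # already present: nothing to do, still success
      grep -qxF "$ip" "$file" && return 0
      { cat "$file"; echo "$ip"; } > "$tmp" ;;
    revoke)  # already absent: nothing to do, still success
      grep -qxF "$ip" "$file" || return 0
      grep -vxF "$ip" "$file" > "$tmp" || true ;;
  esac
  mv "$tmp" "$file"   # rename is atomic: readers never see a partial list
}

# Run as a script when arguments are given, e.g.: ./acl.sh add web 203.0.113.7
[ "$#" -eq 0 ] || acl_update "$@"
```

Repeating the same add or revoke leaves the list unchanged and still exits 0, and rejecting malformed ACL names and addresses keeps untrusted input out of file paths and backend configuration.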

Groups

A group contains a list of ACLs and a list of Users that can access those ACLs. Groups provided by SAML need to match the Knocknoc group name, and the ACLs selected for that group will apply.