By default, an unauthenticated user will see the following authentication methods available on the UI, regardless of whether or not the auth methods are actually mounted or not:
As of Vault version 0.10.4, you can customize this by configuring a default auth method in order to reduce confusion for users about how to log in via the UI.
To set a particular auth mount as the default, you need to set the
listing_visibility on that auth mount to "unauth". See the sys/auth API docs for more detail.
For example, let's assume that you want your default auth method on the UI to be the LDAP auth method.
- Step 1: Enable the LDAP auth method
$ vault auth enable ldap
Success! Enabled ldap auth method at: ldap/
- Step 2: Change
$ vault write sys/auth/ldap/tune listing_visibility="unauth"
Success! Data written to: sys/auth/ldap/tune
- Step 3: Visit the UI to see the result. The default auth method will appear as the first option, with all other auth options under a second tab called "Other":