Overview
By default, an unauthenticated user will see the following authentication methods available on the UI, regardless of whether or not the auth methods are actually mounted or not:
This view can be customised configuring a default auth method in order to reduce confusion for users about how to log in via the UI.
Configuration Steps
To set a particular auth mount as the default, you need to set the listing_visibility on that auth mount to "unauth". See the sys/auth API docs for more detail.
For example, let's assume that you want your default auth method on the UI to be the LDAP auth method.
- Step 1: Enable the LDAP auth method
$ vault auth enable ldap
Success! Enabled ldap auth method at: ldap/- Step 2: Change
listing_visibilityto"unauth"using thesys/auth/ldap/tuneendpoint
$ vault write sys/auth/ldap/tune listing_visibility="unauth"
Success! Data written to: sys/auth/ldap/tune- Step 3: Visit the UI to see the result. The default auth method will appear as the first option, with all other auth options under a second tab called "Other":