Community

Blog

Common Fate

User Guide

Granted

Glide

Book a Demo

Support

A reference on the format for the `cf` CLI configuration file (`~/.cf/config` by default)

Config TOML reference

Introduction

This guide outlines the steps for deploying the Common Fate IAM platform using Terraform to your AWS environment. In this guide, you'll provisioning AWS resources, set up Single-Sign-On login, and configure DNS for your deployment.

Deploying Common Fate

Glossary

A guide to identifying and resolving common errors

Troubleshooting

Offerings Overview

Identity and Access Management is a critical aspect of cloud security, and as such, security is our top priority when developing and maintaining Common Fate.

Security

Learn how to use a custom sign-in URL for your Common Fate deployment.

Custom login domain

This guide outlines the steps applying database backups for RDS and DynamoDB in Common Fate deployments.

Managing Backups

Set up alerting for your Common Fate deployment.

Alerts

Learn how to enable managed monitoring for your Common Fate deployment.

Managed Monitoring

This guide will get you started using Granted to assume roles in AWS. It will take around 5 minutes to complete.

Getting Started

Run the `assume` command to assume a role with Granted.

Assuming roles

Opening the console

Headless environments

Export to ~/.aws/credentials

Export to a .env file

Granted can automatically populate your local AWS configuration file (`~/.aws/config` by default) with `granted sso generate` and `granted sso populate`.

AWS config file generation

Storing IAM credentials securely

Profile Registries

Configuration

Just-In-Time (JIT) access to roles

Automatically reassume roles (ZSH)

Cache Commands

Credential Process

Disabling usage tips

Inline Role Assumption

Using pass on Linux

Encrypting AWS SSO Tokens Using Gnome Keyring

Running Granted on Windows with WSL and VSCode

How different Assumers work in Granted

Prerequisites

Deployment setup

Running the deployment

Next steps

Providers

Concepts

Deploying PDK Providers

Access Rules

Users and Groups

Logging

Connecting to Slack

Using a custom domain

Identity provider sync configuration

Deployment tagging

Updating your deployment

Web Application Firewall (WAF) integration

Backup

Audit trail events

Deployment YAML reference

Single Sign On

AWS IAM Identity Center (Formerly Single Sign On)

Azure AD

Google Workspace

Okta

OneLogin

Filtering User and Group Imports

Updating your SSO configuration

Security Architecture

AWS Credentials

End User Guide

Migration Guide

Developing Providers

Installing the PDK CLI

Get started using the Common Fate CLI to request access.

CLI Quickstart

Requesting Access

Learn how to access to entitlements available in Common Fate.

This guide outlines the steps for configuring the Common Fate Terraform provider.

Setup Common Fate Terraform Provider

Learn how to make entitlements available for Just-In-Time (JIT) access.

Configuring Available Entitlements

This expains how to make workflows to be used in Common Fate.

Workflows

This expains how to make Selectors to be used in Common Fate.

Selectors

Learn how to make Availabilities to be used in Common Fate.

Availabilities

An overview of Common Fate's authorization system.

Learn how to validate Common Fate authorization policies.

Validating Cedar Policies

Learn how to author Common Fate authorization policies with Visual Studio Code.

Developing with Visual Studio Code

Validate authorization policies automatically in your CI platform.

Continuous Integration

Learn how to send events from Common Fate to an external SIEM.

Events

Learn how to inspect and debug authorization events within Common Fate.

Authorization

Preview the access which is granted by your authorization policies.

Preview Access

A guide to setting up Single-Sign-On to Common Fate using Microsoft Entra.

Microsoft Entra

A guide to setting up Single-Sign-On to Common Fate using AWS IAM Identity Center.

AWS IAM Identity Center

A guide to setting up Single-Sign-On to Common Fate using Okta.

PagerDuty

OpsGenie

Setup guide for the Common Fate GCP integration.

Google Cloud

Setup guide for the Common Fate BigQuery integration.

BigQuery

Setup guide for the Common Fate AWS integration.

Setup guide for the Common Fate AWS RDS integration.

AWS RDS

Setup guide for using Common Fate to grant access to IAM Identity Center groups

AWS IAM Identity Center Groups

Setup guide for the Common Fate Entra integration.

Entra

Setup guide for the Common Fate Okta integration.

Setup guide for the Common Fate DataStax integration.

DataStax

Slack

Send webhooks based on events in Common Fate

Webhooks

This page will detail migration steps to upgrade your deployment of Common Fate to new versions.

Environment variable	Default	Description
`CF_CONFIG_PATH`	`~/.cf/config`	The path to look for the TOML config file.
`CF_CONFIG_SOURCES`	`env,file`	The config sources to use in order of precendence. `env` is environment variables, `file` is the config file.

Key	Environment variable	Required	Description
`api_url`	`CF_API_URL`	Yes	The API URL to connect to
`access_url`	`CF_ACCESS_URL`	No	The Access URL to connect to (serves APIs for requesting and approving access). Defaults to the API URL if not provided and is used for development. In regular deployments this should not be overridden.
`authz_url`	`CF_AUTHZ_URL`	No	The Authz URL to connect to (serves APIs for reading resources and authorizing actions). Defaults to the API URL if not provided and is used for development. In regular deployments this should not be overridden.
`oidc_issuer`	`CF_OIDC_ISSUER`	Yes	The OIDC issuer for authenticating with Common Fate.
`oidc_client_id`	`CF_OIDC_CLIENT_ID`	Yes	The OIDC client ID for authenticating with Common Fate.
`oidc_client_secret`	`CF_OIDC_CLIENT_SECRET`	No	The OIDC client secret for authenticating with Common Fate. If specified, the CLI will use machine-to-machine authentication to obtain an OIDC access token.

User Guide

Config TOML reference

Config file format

Config file contexts

Using machine-to-machine authentication

User Guide

​Config file format

​Config file contexts

​Using machine-to-machine authentication

Config file format

Config file contexts

Using machine-to-machine authentication