Introducing Kong Identity
Kong Identity centralizes authentication in Konnect. It provides principals and directories as a shared identity layer to authenticate across Kong products.
Use Kong Identity to:
- Manage authenticating entities across Kong Gateway, Event Gateway, and Dev Portal in one place with principals. One principal can support multiple authentication types (multiple OAuth servers, API keys, and username/passwords)
- Drive complex gateway behavior with metadata attached to principals
- Act as an OAuth 2.0 compatible authorization server to allow complete OAuth protection to API endpoints and MCP servers
- Authenticate to APIs and Event Gateways via OIDC, API keys and username/passwords
Authenticate across Kong products
Set up authentication for Kong Gateway, Event Gateway, and Dev Portal with Kong Identity.
Kong Gateway
Authenticate API clients and look up principal metadata to drive plugin behavior.
Event Gateway
Authenticate Kafka clients and enrich connections with principal metadata for policy decisions.
Dev Portal
Register applications dynamically and apply Kong Gateway plugins to application traffic.
How-to guides
- Automatically create Dev Portal applications in Kong Identity with Dynamic Client Registration View →
- Encrypt and decrypt Kafka fields dynamically in message values with Kong Event Gateway View →
- Enrich Kafka OAuth connections with Kong Identity principal metadata View →
- Enrich Kafka SASL PLAIN connections with Kong Identity principal metadata View →
- Set up Kong Event Gateway with Kong Identity OAuth View →
- Authenticate OAuth clients with a Kong Identity authorization server View →
- Authenticate Principals with basic authentication View →
- View More →
API reference
Explore the reference documentation for the Kong Identity API.