Skip to main content
In this step-by-step guide, you’ll learn how to configure authentication methods in HashiCorp Vault via its web UI. We’ll cover:
StepActionDescription
1Logging in with OktaAuthenticate using your Okta credentials
2Enabling a new auth methodMount the userpass plugin with customized settings
3Creating a userAdd credentials and assign policies
4Testing login via the CLIVerify access by obtaining a Vault token
5Disabling & editing methodsManage or remove existing auth mounts

1. Logging in with Okta

  1. Open the Vault UI and select Okta as the authentication method.
  2. Enter your Username and Password, then click Sign In.
  3. Optionally, choose to save your credentials for future sessions.
The image shows a login page for "Vault" with fields for method, username, and password, and a "Sign In" button. The method selected is "Okta," and there are options for saving the password.
After successful authentication, you’ll be redirected to the Vault dashboard.

2. Enabling a New Auth Method

Navigate to Access → Auth Methods, then click Enable new method. You’ll see categories for Generic, Cloud, and Infra authentication plugins:
The image shows a web interface for enabling an authentication method in Vault, with options for Generic, Cloud, and Infra authentication types. Various methods like AppRole, AWS, Azure, and Kubernetes are available for selection.
Select Username & Password (userpass) and click Next. Configure the mount options:
  • Path: vault
  • Default TTL: 30m
  • Max TTL: 24h
  • Token Type: service (default)
  • Description: My cool new Auth Method
Default TTL controls how long issued tokens remain valid before renewal.
If you have Vault Enterprise, you can also enable Seal Wrap for enhanced security. When ready, click Enable method:
The image shows a web interface for enabling a username and password authentication method in a Vault application, with various configuration options like path, description, and token type.
Your new userpass method is now mounted at vault/.

3. Creating a User via the UI

  1. Go back to Access → Auth Methods and click on the vault mount (userpass).
  2. Select Create User.
  3. Fill out the form:
    • Username: bob
    • Password: Bob is cool
    • Policies: bryan, default
  4. Click Save. The user bob is now created and associated with the specified policies.
The image shows a user interface for creating a new user in a system, with fields for username, password, and token settings. It includes options for configuring generated token policies and settings.

4. Testing Login via the CLI

Set your Vault server address and an existing admin token (Okta): 
export VAULT_ADDR="https://your-vault-address:8200"
export VAULT_TOKEN="s.TEKrNn3Cv53pZdbPh8xg4TPu"
Then log in as bob: 
vault login -method=userpass username=bob password='Bob is cool'
If you encounter a permissions error, verify that policies and mount path are correct: 
Error logging in: error validating credentials: permission denied
On success, Vault returns a new client token.

5. Disabling and Editing Auth Methods

To manage existing mounts:
  • Disable: Click the three-dot menu next to the method and choose Disable, then confirm deletion of all related data.
  • Edit: Select View/Edit beside a method to update its configuration.
For example, updating Azure auth settings lets you change Tenant ID, Resource, and Environment:
The image shows a configuration page for setting up Azure in a Vault application, with fields for Tenant ID, Resource, and Environment. There are options to save the configuration and view method options.
Disabling an auth method permanently removes its data. Make sure you’ve migrated or no longer need it before confirmation.
Configuring Vault auth methods via the UI simplifies access control management. You can rapidly enable plugins, define policies, onboard users, test logins, and remove methods without leaving your browser.

Watch Video