Supported Conjur authenticators

In addition to its default authenticator, Conjur supports other industry-standard authentication types. You can configure Conjur to use one or a combination of several authenticator types.

The following authenticator types are supported:

Authentication type


authn Defines the Conjur Default Authenticator. Authentication for both users and hosts is based on an user ID / application identity (host id) respectively, as well as an API key. 
authn-oidc Leverages the identity layer provided by OIDC to allow applications to authenticate with Conjur and retrieve secrets needed for connecting to services such as a database.

Enables an AWS resource to use its AWS IAM role to authenticate with Conjur.


Enables an Azure resource to authenticate with Conjur


Enables an application to authenticate to Conjur using a JWT from a JWT Provider.


Enables a Google Cloud Platform resource to authenticate with Conjur

authn-k8s Authenticates Kubernetes resources, such as a Kubernetes namespace, deployment, stateful set, and others. Authentication is certificate-based using a mutual TLS connection.
authn-ldap Authenticates users based on an LDAP directory.