Skip to content

Getting Started

KelTech Services edited this page Jul 13, 2026 · 1 revision

Getting started

What IdPVault does

IdPVault takes scheduled, encrypted snapshots of your identity providers (Authentik, Okta, and Auth0), detects configuration changes between snapshots, and can restore configuration (and deleted apps) back into the live tenant. Everything runs on your own infrastructure; nothing is sent to us, ever.

First run

  • Deploy the container and open the web UI. On a fresh install the setup wizard creates your admin account, with no credentials in config files.

  • Add your first tenant: Dashboard → + Add tenant. Pick the provider first; the form adapts to what that provider needs.

  • Click Backup now to take your first snapshot, then set a schedule (cron, UTC) so backups run themselves.

Connecting each provider


Provider Credential How to get it
Authentik API token Admin → Tokens & App passwords → create a token for a service account with read (and, for restore, write) permissions.
Okta SSWS API token Admin → Security → API → Tokens. Created under an admin account; inherits that account's permissions.
Auth0 Client ID + Client Secret Create a Machine-to-Machine application authorized for the Management API. IdPVault mints short-lived tokens automatically, so there are no expiring pasted tokens.

All credentials are encrypted at rest with envelope encryption (AES-256-GCM) the moment they are saved.

Day-to-day

The dashboard shows coverage, unbacked changes, and storage. The Events page lists every detected change. Alerts (webhook + email) tell you when something changed, failed, or was restored; see Alerts & notifications.

Clone this wiki locally