> ## Documentation Index > Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt > Use this file to discover all available pages before exploring further. # July 7, 2025 - Unmanaged auth API > Unmanaged authentication API for CKS clusters, enabling OIDC, Service Account, and Webhook authentication **New Kubernetes API endpoint for unmanaged auth is now available in CKS,** enabling custom authentication workflows. ## Kubernetes API endpoint for unmanaged auth A new [Kubernetes API endpoint for unmanaged authentication](/products/cks/auth-access/unmanaged-auth/introduction) is now available in CKS, streamlining OIDC, Service Account, and Webhook authentication workflows for public CKS clusters. Prior to this release, customers were required to first use CoreWeave-managed authentication to provision their own endpoint to support these unmanaged authentication workflows. ### Managed Auth vs. unmanaged auth #### Managed Auth The managed authentication endpoint follows the format `https://-.k8s..coreweave.com` and can be found on the [Cluster Status](/products/cks/clusters/create#view-details-of-deployed-clusters) page of the CoreWeave Cloud Console by clicking **Copy public address**. The Managed Auth service handles user authentication and authorization only for [user identities](/security/authn-authz/orgs-users) in the CoreWeave Cloud Console. It does not support Kubernetes Service Account tokens, OIDC access tokens, or anonymous API server URIs. Kubeconfigs for CKS clusters that are [generated by the CoreWeave Cloud Console](/security/authn-authz/manage-api-access-tokens) use the Managed Auth endpoint by default. #### Unmanaged auth The new unmanaged authentication endpoint is available at `https://api.-.k8s..coreweave.com`. You can create this URL by adding the `api.` prefix after clicking **Copy public address** on the Cluster Status page. Unmanaged authentication allows users to authenticate with the Kubernetes API using Kubernetes Service Account Tokens, OIDC access tokens, or anonymous API server URIs. This endpoint is intended for users who prefer to manage their own authentication and authorization mechanisms. Kubeconfigs and access tokens generated by the CoreWeave Cloud Console for CKS clusters are not supported by this endpoint. **Deprecated endpoint** CKS clusters previously offered an undocumented unmanaged authentication endpoint at `https://api.-.k8s..coreweave.com`. **This endpoint is now deprecated.** ### Use cases This endpoint streamlines several authentication scenarios: * **OIDC authentication**: Integrate standard OIDC IdPs for authentication to your CKS clusters * **Service Account authentication**: Use Kubernetes Service Account tokens to authenticate with your CKS clusters * **Custom authentication providers**: Integrate with enterprise identity systems not supported by standard OIDC * **Multi-factor authentication**: Implement custom MFA workflows ### Migration considerations This is an additive change, introducing a new endpoint for CKS clusters that can be used to support authentication strategies that aren't supported by the managed authentication endpoint. Customers who previously configured their own custom endpoints for unmanaged authentication can continue to use those. This change introduces no incompatibilities with existing workflows. ### Configuration Unmanaged auth can be configured on existing clusters without requiring cluster recreation. To configure unmanaged auth: 1. **Deploy your authentication webhook**: Host your custom authentication service that implements the Kubernetes authentication webhook interface 2. **Configure the webhook in CKS**: Use the CKS API to configure the authentication webhook endpoint 3. **Test the integration**: Verify that your custom authentication workflow functions correctly **Learn more** For detailed API reference information, see [CKS API Reference](/products/cks/reference/cks-api). ## Support For questions about the unmanaged authentication endpoint, contact [CoreWeave Support](/support). ## Additional resources * [CKS Clusters](/products/cks/clusters/introduction) * [CKS API Reference](/products/cks/reference/cks-api) * [CKS Authentication and Access](/products/cks/auth-access/introduction)