Skip to main content
In CKS, unmanaged authentication refers to the use of user identities and credentials that aren’t managed within the CoreWeave cloud platform.

API endpoint

CKS provides a Kubernetes API endpoint for implementing unmanaged authentication. This endpoint lets you authenticate with the Kubernetes API without relying on CoreWeave’s Managed Auth service. Use this endpoint if you prefer to manage your own authentication mechanisms for CKS clusters, such as OIDC, Service Account tokens, and authentication webhooks. The endpoint provides flexibility if you have specific authentication requirements that can’t be met through CoreWeave-managed authentication. The unmanaged auth API endpoint works best in the following scenarios:
  • OIDC authentication: Integrate standard OIDC IdPs for authentication to your CKS clusters.
  • Service Account authentication: Use Kubernetes Service Account tokens to authenticate with your CKS clusters.
  • Custom authentication providers: Integrate with enterprise identity systems not supported by standard OIDC.
  • Multi-factor authentication: Implement custom MFA workflows.
Unmanaged auth can be configured on existing clusters without requiring cluster recreation.
To learn how to implement unmanaged auth, see Implement unmanaged authentication.
Last modified on June 10, 2026