Keep supports various authentication providers and architectures to accommodate different deployment strategies and security needs, from development environments to production setups.
Choosing the right authentication strategy depends on your specific use case, security requirements, and deployment environment. You can read more about each authentication provider.

Identity Provider | RBAC | SAML/OIDC/SSO | LDAP | Resource-based permission | User Management | Group Management | On Prem | License |
---|---|---|---|---|---|---|---|---|
No Auth | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | OSS |
DB | ✅ (Predefined roles) | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | OSS |
Auth0 | ✅ (Predefined roles) | ✅ | 🚧 | 🚧 | ✅ | 🚧 | ❌ | EE |
Keycloak | ✅ (Custom roles) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | EE |
Oauth2Proxy | ✅ (Predefined roles) | ✅ | ❌ | ❌ | N/A | N/A | ✅ | OSS |
Azure AD | ✅ (Predefined roles) | ✅ | ❌ | ❌ | By Azure AD | By Azure AD | ✅ | EE |

Some authentication providers require additional environment variables. These will be covered in detail on the specific authentication provider pages.
In Keep, the authentication scheme is controlled with environment variables on both the backend (Keep API) and the frontend (Keep UI).

Identity Provider | Environment Variable | Additional Variables Required |
---|---|---|
No Auth | AUTH_TYPE=NOAUTH | None |
DB | AUTH_TYPE=DB | KEEP_JWT_SECRET |
Auth0 | AUTH_TYPE=AUTH0 | AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET |
Keycloak | AUTH_TYPE=KEYCLOAK | KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_CLIENT_ID, KEYCLOAK_CLIENT_SECRET |
Oauth2Proxy | AUTH_TYPE=OAUTH2PROXY | OAUTH2_PROXY_USER_HEADER, OAUTH2_PROXY_ROLE_HEADER, OAUTH2_PROXY_AUTO_CREATE_USER |
AzureAD | AUTH_TYPE=AZUREAD | See AzureAD Configuration |

For more details on each authentication strategy, including setup instructions and implications, refer to the respective sections.
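
A preflight check over the environment-variable table, as an added example that is not part of Keep's own code: it parses two dotenv-style files (one for the API, one for the UI), flags a missing or mismatched `AUTH_TYPE`, and reports variables the selected provider needs but that are unset. The function names, the sample values, and the rule that a variable counts as present when either side defines it are assumptions.

```python
# Added example: preflight check derived from the two tables on this page.
REQUIRED = {
    "NOAUTH": [],
    "DB": ["KEEP_JWT_SECRET"],
    "AUTH0": ["AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET"],
    "KEYCLOAK": ["KEYCLOAK_URL", "KEYCLOAK_REALM",
                 "KEYCLOAK_CLIENT_ID", "KEYCLOAK_CLIENT_SECRET"],
    "OAUTH2PROXY": ["OAUTH2_PROXY_USER_HEADER", "OAUTH2_PROXY_ROLE_HEADER",
                    "OAUTH2_PROXY_AUTO_CREATE_USER"],
    "AZUREAD": None,  # its variables are on the AzureAD configuration page
}

# Constructed sample env files (not real secrets or a real deployment).
SAMPLE_API = "AUTH_TYPE=KEYCLOAK\nKEYCLOAK_URL=https://idp.example.test/auth\nKEYCLOAK_REALM=keep\n"
SAMPLE_UI = "# ui\nAUTH_TYPE=DB\nKEYCLOAK_CLIENT_ID=keep-ui\n"


def parse_env(text):
    """Parse KEY=VALUE lines; skip blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("\"'")
    return env


def check_auth_config(api_env, ui_env):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    types = {"API": api_env.get("AUTH_TYPE"), "UI": ui_env.get("AUTH_TYPE")}
    for side, value in types.items():
        if not value:
            findings.append(f"{side}: AUTH_TYPE is not set explicitly")
        elif value not in REQUIRED:
            findings.append(f"{side}: AUTH_TYPE={value} is not in the table")
    if all(types.values()) and types["API"] != types["UI"]:
        findings.append(f"mismatch: API={types['API']} UI={types['UI']}")
    for auth_type in sorted(t for t in set(types.values()) if t in REQUIRED):
        needed = REQUIRED[auth_type]
        if needed is None:
            findings.append(f"{auth_type}: variables are on its own page, not checked")
            continue
        if auth_type == "NOAUTH":
            findings.append("NOAUTH: no RBAC or user management per the table")
        # Assumption: a variable counts as present if either side sets it.
        findings += [f"{auth_type}: {name} is missing or empty" for name in needed
                     if not (api_env.get(name) or ui_env.get(name))]
    return findings
```

Running `check_auth_config(parse_env(SAMPLE_API), parse_env(SAMPLE_UI))` on the constructed samples reports the API/UI mismatch plus the unset `KEEP_JWT_SECRET` and `KEYCLOAK_CLIENT_SECRET`.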