Authentication
Overview
For every authentication-related question or issue, please join our Slack.
Authentication Providers
- No Authentication - Quick setup for testing or internal use cases.
- DB - Simple username/password authentication. Works well for small teams or for dev/stage environments. Users and hashed password are stored on DB.
- Auth0 - Utilize Auth0 for scalable, auth0-based authentication.
- Keycloak - Utilize Keycloak for enterprise authentication methods such as SSO/SAML/OIDC, advanced RBAC with custom roles, resource-level permissions, and integration with user directories (LDAP).
- AzureAD - Utilize Azure AD for SSO/SAML/OIDC nterprise authentication.
Authentication Features Comparison
| Identity Provider | RBAC | SAML/OIDC/SSO | LDAP | Resource-based permission | User Management | Group Management | On Prem | License |
|---|---|---|---|---|---|---|---|---|
| No Auth | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | OSS |
| DB | ✅ (Predefiend roles) | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | OSS |
| Auth0 | ✅ (Predefiend roles) | ✅ | 🚧 | 🚧 | ✅ | 🚧 | ❌ | EE |
| Keycloak | ✅ (Custom roles) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | EE |
| Oauth2Proxy | ✅ (Predefiend roles) | ✅ | ❌ | ❌ | N/A | N/A | ✅ | OSS |
| Azure AD | ✅ (Predefiend roles) | ✅ | ❌ | ❌ | By Azure AD | By Azure AD | ✅ | EE |
How To Configure
Some authentication providers require additional environment variables. These will be covered in detail on the specific authentication provider pages.
| Identity Provider | Environment Variable | Additional Variables Required |
|---|---|---|
| No Auth | AUTH_TYPE=NOAUTH | None |
| DB | AUTH_TYPE=DB | KEEP_JWT_SECRET |
| Auth0 | AUTH_TYPE=AUTH0 | AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET |
| Keycloak | AUTH_TYPE=KEYCLOAK | KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_CLIENT_ID, KEYCLOAK_CLIENT_SECRET |
| Oauth2Proxy | AUTH_TYPE=OAUTH2PROXY | OAUTH2_PROXY_USER_HEADER, OAUTH2_PROXY_ROLE_HEADER, OAUTH2_PROXY_AUTO_CREATE_USER |
| AzureAD | AUTH_TYPE=AZUREAD | See AzureAD Configuration |