Authentication
Overview
Understanding and configuring the appropriate authentication method is essential for protecting your resources and data. Choose the one that aligns with your deployment strategy and security requirements.
Multi-tenant authentication
To run Keep’s managed platform, we use multi tenant authentication, meaning that different tenants can work separately on Keep’s platform. As Keep is fully open source, you can also use it.

When to use?
Supported providers
For multi-tenant authentication, we currently use Auth0, but additional providers could be added (just submit a GitHub issue with the required provider).
Setup instructions
To spin up Keep with Auth0 as a provider, set up the following environment variables:
Backend
AUTH_TYPE=MULTI_TENANT
AUTH0_MANAGEMENT_DOMAIN=
AUTH0_CLIENT_ID=
AUTH0_CLIENT_SECRET=
AUTH0_AUDIENCE=
Frontend
AUTH_TYPE=MULTI_TENANT
AUTH0_CLIENT_ID=
AUTH0_CLIENT_SECRET=
AUTH0_ISSUER=
Single tenant authentication
Deploy self-hosted Keep with users management and authentication.

When to use
When you self-deploy Keep but still need user management and authentication.
Supported providers
Username/Password, but additional providers could be added (just submit a GitHub issue with the required provider).
Setup instructions
The easiest way would be to use docker-compose-with-auth.yml which populates the following environment variables:
Backend
- AUTH_TYPE=SINGLE_TENANT
- KEEP_JWT_SECRET=keepjwtsecret # should be replaced
- KEEP_DEFAULT_USERNAME=admin # should be replaced
- KEEP_DEFAULT_PASSWORD=keep # should be replaced
Frontend
- AUTH_TYPE=SINGLE_TENANT
Single tenant - no authentication
Deploy self-hosted Keep without authentication.
When to use
When you want to try Keep as quick as possible. For example spinning it up on your localhost. For production usages, you should use authentication.
Supported providers
N/A
Setup instructions
The default docker-compose.yml file demonstrates how to start Keep without authentication.