View the latest documentation 5.5
Authentication modules are configured in the security configuration file. Lenses Administrator and Basic Auth do not require any configuration.
Multiple authentication configurations can be used together.
An admin account is available with default credentials admin/admin. If left at default, the Lenses UI will notify that the setup is insecure. You can secure the admin account.
admin
The supported options to authenticate User accounts are:
User Accounts belong to Groups and inherit the permissions. You can add and manage User Accounts via Lenses UI or Lenses CLI or API.
Service accounts are authenticated using custom or generated tokens.
Learn how permissions work.
Lenses provides data and application centric security via permissions on groups of users.
LDAP, Active Directory and Single-Sign-On provide user authentication and group management, while Kerberos provides only user authentication, but no group management.
Learn more about different authentication providers:
When working with LDAP or Active Directory, user and group management is done in LDAP.
Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in LDAP/AD:
And set permissions. See how to configure LDAP.
When using an SSO solution such as Azure AD, Google, Okta, OneLogin or an open source like KeyCloak user and group management is done in the Identity Provider.
Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in your SSO group.
And set permissions. See how to configure SSO.
When using Kerberos, the authentication of users is happening via SPNEGO.
1. First create a group of users
2. Then add users to groups
And set permissions. See how to configure Kerberos.
With Basic Authentication, create groups of users and add users to those groups. Authentication and authorization are fully managed, and users can change their passwords.
Learn more about permissions and create groups and add users.
For BASIC and LDAP authentication type, there is the option to set a policy to temporarily lock the account when successive log in attempts fail. Once the lock time window has passed the user can login again.
These two configuration entries enable the functionality (both of them have to be provided to take effect):
# Number of failed login attempts before an account is locked. lenses.security.lockout.user.attempts.max = "5" # The time in seconds to keep the account locked. lenses.security.lockout.user.period.sec = "600" #10 minutes
On this page