Authentication

Authentication is configured in the security configuration file. Lenses Administrator and Basic Auth do not require any configuration.

The following authentication methods are available. Users, regardless of the method need to be mapped to groups.

Account Locking

For BASIC and LDAP authentication types, there is the option to set a policy to temporarily lock the account when successive login attempts fail. Once the lock time window has passed the user can log in again.

These two configuration entries enable the functionality (both of them have to be provided to take effect):

# Number of failed login attempts before an account is locked.
lenses.security.lockout.user.attempts.max = "5"

# The time in seconds to keep the account locked.
lenses.security.lockout.user.period.sec = "600"  #10 minutes

Group Mapping

A Group is a collection of permissions that defines the level of access for users belonging to it. Groups consist of:

• Namespaces

• Application permissions

• Administration permissions

LDAP & Active Directory

When working with LDAP or Active Directory, user and group management is done in LDAP.

Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in LDAP/AD.

SSO & SAML

When using an SSO solution such as Azure AD, Google, Okta, OneLogin or an open source like KeyCloak user and group management is done in the Identity Provider.

Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in your SSO group.

Basic Auth

With Basic Authentication, create groups of users and add users to those groups. Authentication and authorization are fully managed, and users can change their passwords.