Authentication
This section describes configuring user authentication in Lenses.
Authentication is configured in the security configuration file. Lenses Administrator and Basic Auth do not require any configuration.
Multiple authentication configurations can be used together.
Authentication settings go in security.conf.
The following authentication methods are available. Users, regardless of the method need to be mapped to groups.
Admin Account
Configure the Lenses admin account.
Azure AD
Configure Azure AD for Lenses.
Basic Authentication
Configure basic authentication for Lenses.
Custom HTTP
Configure a custom HTTP endpoint for authentication with Lenses.
LDAP
Configure LDAP for Lenses.
SAML & SSO
Configure SAML & SSO for Lenses.
Account Locking
For BASIC and LDAP authentication types, there is the option to set a policy to temporarily lock the account when successive login attempts fail. Once the lock time window has passed the user can log in again.
These two configuration entries enable the functionality (both of them have to be provided to take effect):
Group Mapping
A Group is a collection of permissions that defines the level of access for users belonging to it. Groups consist of:
Namespaces
Application permissions
Administration permissions
LDAP & Active Directory
When working with LDAP or Active Directory, user and group management is done in LDAP.
Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in LDAP/AD.
SSO & SAML
When using an SSO solution such as Azure AD, Google, Okta, OneLogin or an open source like KeyCloak user and group management is done in the Identity Provider.
Lenses provides fine-grained role-based access (RBAC) for your existing groups of users over data and applications. Create a group in Lenses with the same name (case-sensitive) as in your SSO group.
Basic Auth
With Basic Authentication, create groups of users and add users to those groups. Authentication and authorization are fully managed, and users can change their passwords.
Last updated
Was this helpful?