All pages
Powered by GitBook
1 of 11

Authentication

This page describes the authentication methods supported in Lenses.

Authentication is configured in HQ.

Users can authentication is two ways. Basic authentication and SSO / SAML. Additional specific users can be assigned as admin accounts.

Admin Account

This page describes how to configure admin accounts in Lenses.

You can configure a list of the principals (users, service accounts) with root admin access. Access control allows any API operation performed by such principals. If not set, it will default to [].

config.yaml
auth:
  administrators:
  - admin
  - brian.lifeof@lenses.io
  - bob.builder@lenses.io

Changing the Admin Password

Passwords need to be bcrypt hashes.

You can use the Lenses CLI to create a bcrypt password. You can download the CLI here. The executable for Lenses 6 CLI is called "hq". 

hq utils hash-password
auth:
  - admin
  - brian.lifeof@lenses.io
  - bob.builder@lenses.io
users:
  - username: admin
    password: $2a$12$XQW..XQrtZXCvbQWertqQeFi/1KoQW4eNephNXTfHqtoW9Q4qih5G

Basic Authentication

This page describes configuring basic authentication in Lenses.

Passwords need to bcrypt hashes.

This ensures that the passwords are hashed and secure rather than stored in plaintext. For instance, instead of using "builder" directly, it should be hashed using bcrypt.

An example of a bcrypt-hashed password looks like this:

$2a$12$XQW..XQrtZXCvbQWertqQeFi/1KoQW4eNephNXTfHqtoW9Q4qih5G.

Always ensure that you replace plaintext passwords with their bcrypt counterparts to securely authenticate users.

You can use the Lenses CLI to create a bcrypt password:

lenses utils hash-password
config.yaml
auth:
  users:
  - username: bob
    password: $2a$12$XQW..XQrtZXCvbQWertqQeFi/1KoQW4eNephNXTfHqtoW9Q4qih5G 
  - username: brain
    password: $2a$12$XQW..XQrtZXCvbQWertqQeFi/1KoQW4eNephNXTfHqtoW9Q4qih5G

SSO & SAML

This page describes configure SSO & SAML in Lenses for authentication.

Loading...

Azure SSO

This page describes configuring Azure SSO for Lenses authentication.

Learn more here about Azure SSO

1

Add Lenses from Azure SSO gallery

Go to Enterprise applications->New Application.

Search for Lenses.io in the gallery directory.

Choose a name for Lenses e.g. Lenses.io and click Add.

2

Enable SSO

On the overview page select Single Sign On.

3

Configure SAML

Setting
Value

Identifier (Entity ID)

Use the base url of the Lenses installation e.g. https://lenses-dev.example.com

Reply URL

Use the base url with the callback details e.g. https://lenses-dev.example.com/api/v2/auth/saml/callback?client_name=SAML2Client

Sign on URL

Use the base url

4

Download SAML Certificates

Download the Federation Metadata XML.

5

Configure SAML in HQ

Loading...

Loading...

Loading...

Loading...

Loading...