-
Notifications
You must be signed in to change notification settings - Fork 393
Authentication methods
- Overview
- CloudBeaver Community Edition authentication types
- CloudBeaver Enterprise Edition authentication types
- CloudBeaver Enterprise Edition for AWS
CloudBeaver provides various authentication methods, configurable by administrators in the Settings -> Administration -> Server Configuration. These settings apply to logging into the CloudBeaver interface.
The Community Edition (CE) of CloudBeaver supports various types of authentication. Detailed information about each type is available in the sections below.
This method allows users to interact with CloudBeaver without needing to authenticate. Further details can be found in the Anonymous access configuration article.
Local access requires users to authenticate using a username and password. Administrators create user accounts and assign roles to define user permissions. For more detailed information, see the Local access authentication article.
This authentication method is based on HTTP
request headers. For more detailed information, see
the Reverse Proxy Header Authentication article.
In addition to the authentication methods supported by the Community Edition (CE), CloudBeaver Enterprise Edition (EE) offers a broader range of authentication options. For more detailed information on each method, please refer to the subsequent sections.
AWS IAM authentication allows logging in with IAM credentials, automatically assigning a 'User' role in CloudBeaver. For more details, see the AWS IAM article.
SSO (Single Sign-On) authentication can be used for access to CloudBeaver EE. Once an SSO user is authorized to CloudBeaver instance, the appropriate user is created in the application with the User role by default (you can find more information about SSO authentication at Single Sign On article).
OpenID Connect (OIDC) authentication enables users to log in using credentials from an OpenID Connect identity provider, simplifying the login process across different services. For further details, please consult the OpenID authentication article.
AWS OpenID Connect (OIDC) authentication integrates with AWS Identity and Access Management (IAM) to enable signing in using an OpenID Connect identity provider. This approach allows for the secure delegation of permissions to AWS resources based on the identity established by the provider. For more information, please refer to the AWS OpenID authentication article.
Okta OpenID Connect (OIDC) authentication allows applications to authenticate users via Okta's OIDC provider. This process enables secure and streamlined user access to applications and services without requiring them to manage multiple passwords. For more information, refer to the Okta OpenID Authentication article.
Cognito OpenID is a feature of Amazon Cognito that allows you to use Cognito as an OpenID Connect (OIDC) identity provider. By configuring Cognito as an OIDC provider, users can sign in to CloudBeaver using their existing accounts with OIDC identity providers. For more information, refer to the Cognito OpenID Authentication article.
Microsoft Entra ID, previously known as Azure AD, is a service that allows you to use Microsoft's cloud-based identity and access management service as an identity provider. By integrating Microsoft Entra ID with CloudBeaver, users can sign in using their Microsoft accounts, leveraging Azure Active Directory (Azure AD) for authentication. For more details, see the Microsoft Entra ID Authentication article.
Google Authentication is a method that allows users to sign in to CloudBeaver using their Google accounts. This integration leverages Google as an OpenID Connect (OIDC) identity provider, enabling users to authenticate with their existing Google credentials. For more information, refer to the Google Authentication article.
JWT (JSON Web Tokens) Authentication is a secure method to transmit information between parties as a JSON object. In the context of CloudBeaver, JWT authentication can be configured to verify the identity of users. For more information, refer to the JWT Authentication article.
NTLM (New Technology LAN Manager), is a suite of Microsoft security protocols used for user authentication and data protection in Windows networks. It operates on a challenge-response mechanism to verify user identity without transmitting passwords directly. For more information on configuration, refer to the NTLM Authentication article.
CloudBeaver Enterprise Edition for AWS offers compatibility with a range of authentication methods that facilitate integration with AWS services and other identity solutions. Below is the list of the supported authentication methods:
- Application overview
- Demo Server
- Administration
- Server configuration
- Create Connection
- Connection Templates Management
- Access Management
-
Authentication methods
- Local Access Authentication
- Anonymous Access Configuration
- Reverse proxy header authentication
- LDAP
- Single Sign On
- SAML
- OpenID
- AWS OpenID
- AWS SAML
- AWS IAM
- AWS OpenId via Okta
- Snowflake SSO
- Okta OpenId
- Cognito OpenId
- JWT authentication
- Kerberos authentication
- NTLM
- Microsoft Entra ID authentication
- Google authentication
- User credentials storage
- Cloud Explorer
- Cloud storage
- Query Manager
- Drivers Management
- Supported databases
- Accessibility
- Keyboard shortcuts
- Features
- Server configuration
- CloudBeaver and Nginx
- Domain manager
- Configuring HTTPS for Jetty server
- Product configuration parameters
- Command line parameters
- Local Preferences
- API
-
CloudBeaver Community
-
CloudBeaver AWS
-
CloudBeaver Enterprise
-
Deployment options
-
Development