Configure authentication
Datagrok supports many authentication methods, including popular methods such as SSO and OAuth:
You can enable all methods separately or combined.
If supported authentication methods do not work for you, contact us on info@datagrok.ai, and we will discuss options for your specific case.
General (login-password) authentication
General (login-password) authentication is the most basic method to authenticate users with Datagrok.
To configure login-password authentication:
- Go to the Settings > Users and Sessions. This section contains all authentication settings.
- To use the login-password method, enable 'Internal authentication' in General section
- To disable signup uncheck 'Signup Allowed' option
- To restrict from which domains people can sign up to the platform, use the 'Signup Domains Whitelist' option. You can set several domains separated with commas.
- To force people to use active emails, enable the 'Require Email Confirm' option .
For login-password authentication, it is important to configure an email service that will deliver signup, welcome, confirmation and forgot password emails.
Add users
To create user:
- On the Sidebar go to Manage > Users.
- On the Toolbox click Add User. Create new user dialog appears.
- Fill all input fields and click OK. New User profile appears. Click Save on the Top Bar.
Use user groups to manage user permissions inside platform.
LDAP authentication
Datagrok integrates with your LDAP or Active Directory server enabling the smooth domain authentication mechanism across all your services.
- Go to the Settings > Users and Sessions. This section contains all authentication settings.
- To use the LDAP method, enable 'Domain authentication'
- Enable 'Domain signup' to enable all users present on a domain controller to authenticate in the Datagrok platform. If the option is disabled, it is required to create the user in the Datagrok platform first to allow the user to log into the platform
- Configure LDAP server address/DNS name
- Set LDAP server port
- Enable LDAP SSL if you use LDAPS on your server
- Set LDAP Base DN. It should look like
dc=datagrok,dc=ai
. - Set LDAP User DN. It should look like
CN=USER-DATAGROK,OU=users,DC=datagrok,DC=ai
- Set LDAP User password
Oauth authentication
Datagrok supports Google, Facebook and GitHub OAUTH authentication.
- Go to the Datagrok Settings section 'Users and Sessions'; this section contains all authentication settings.
- Enable 'Google authentication' to use the Google Oauth method (or another provider)
- Set 'Client Id' and 'Secret' if applicable. You can get it from your OpenID provider
- Make sure the correct Web Root is set in 'Admin' section
OpenID authentication
Datagrok supports the OpenID protocol to allow users to be authenticated using OpenID providers, for example, Azure AD.
- Go to the Datagrok Settings section 'Users and Sessions'; this section contains all authentication settings.
- Enable 'Open Id authentication' to use the OpenID method
- Get a well-known-configuration route and set it to 'Open Id Config Endpoint'. It should look
like
https://login.datagrok.ai/.well-known/openid-configuration
- Set 'Open Id Client Id' and 'Open Id Secret' as in your OpenId provider
- Set the' Open Id Code Challenge method' if you enabled authorization code encryption. In most cases, it is
S256
- Set 'Open Id Login Claim', 'Open Id Email Claim', 'Open Id First Name Claim', and 'Open Id Last Name Claim' to provide optional claims for the application
- OpenID auto-login can be enabled using the 'Open Id Auto Login' option
- Make sure the correct Web Root is set in 'Admin' section