Authentication Methods

To configure Authentication methods click on your name in the top right corner of the navigation bar and choose Cluster Settings from the dropdown menu. In the Cluster Settings Authentication tab you can configure how users authenticate.

1. TOTP Two-factor Authentication: can be disabled, optional or mandatory. If set to mandatory all users are required to set up two-factor authentication when registering.

   Note

   If two-factor is set to mandatory on a cluster with preexisting users all users will need to go through
   lost device recovery step to enable two-factor. So consider setting it to optional first and allow users to enable it before setting it to mandatory.

2. OAuth2: if your organization already have an identity management system compatible with OpenID Connect (OIDC) you can configure Hopsworks to use your identity provider by enabling OAuth as shown in the figure below. After enabling OAuth you can register your identity provider by clicking on Add Identity Provider button. See Create client for details.

Setup Authentication Methods

In the figure above we see a cluster with Two-factor authentication disabled and Oauth enabled with one registered identity provider called Keycloak (Keycloak is an open Source Identity and Access Management system).