Skip to content

Authentication Methods#

Introduction#

Hopsworks can be configured to use different type of authentication methods. In this guide we will look at the different authentication methods available in Hopsworks.

Prerequisites#

Administrator account on a Hopsworks cluster.

Step 1: Go to Authentication methods page#

To configure Authentication methods click on your name in the top right corner of the navigation bar and choose Cluster Settings from the dropdown menu.

Step 2: Configure Authentication methods#

In the Cluster Settings Authentication tab you can configure how users authenticate.

  1. TOTP Two-factor Authentication: can be disabled, optional or mandatory. If set to mandatory all users are required to set up two-factor authentication when registering.

    Note

    If two-factor is set to mandatory on a cluster with preexisting users all users will need to go through
    lost device recovery step to enable two-factor. So consider setting it to optional first and allow users to enable it before setting it to mandatory.

  2. OAuth2: if your organization already have an identity management system compatible with OpenID Connect (OIDC) you can configure Hopsworks to use your identity provider by enabling OAuth as shown in the figure below. After enabling OAuth you can register your identity provider by clicking on Add Identity Provider button. See Create client for details.

  3. LDAP/Kerberos: if your organization is using LDAP or Kerberos to manage users and services you can configure Hopsworks to use it as the user management system. You can enable LDAP/Kerberos by clicking on the checkbox, as shown in the figure below, and choosing LDAP or Kerberos. For more information on how to configure LDAP and Kerberos see Configure LDAP and Configure Kerberos.
Authentication config
Setup Authentication Methods

In the figure above we see a cluster with Two-factor authentication disabled, OAuth enabled with one registered identity provider and LDAP authentication enabled.