Code Ocean VPC Administration Guide
v2.16
v2.16
  • Code Ocean VPC Administration Guide
  • Overview
    • System Overview
    • System Capacity and Sizing
  • Installation Guide
    • Prerequisites
    • CloudFormation Deployment
    • Deployment Parameters
    • Deployed IAM Resources
    • Subdomain Delegation
    • Create an Admin Account
    • Upgrade Code Ocean
    • Remove Code Ocean
    • Least privileged deployment IAM role
  • Management Guide
    • User Management
      • Admin Signup
      • Adding/Removing an Administrator
      • Inviting New Users
      • Generating a Reset Password Link
      • Deactivate User
    • Set up a User Banner Message
    • Enable Git Integration
    • Starter Environments
      • Deploy Base Image
      • Image Actions
      • Deploying Private Docker Base Images
    • Authentication
    • SCIM Provisioning using Azure Active Directory
    • SCIM Provisioning using Okta
    • Configure Worker Parameters
    • ACM Certificate Renewal
    • Deleting Released Capsules
    • Assumable Roles
  • Troubleshooting Guide
    • Collecting Logs with the Support Bundle
    • Searching Logs in AWS CloudWatch
    • Alarms
Powered by GitBook
On this page
  • Overview
  • ‌Built-in authentication
  • SAML SSO and Google OpenID Connect (OIDC)
  • Create New Configuration Authentication
  • Step 1: Choose your preferred authentication method
  • Step 2: Enable built-in authentication in addition to this provider.
  • Step 3: SAML Assertion Consumer Service URL / OAuth2 callback URL
  • Step 4: Provide the following information from your identity provider
  • Enable the Configuration
  • Switching Configuration Authentication

Was this helpful?

  1. Management Guide

Authentication

Learn how to set up user authentication methods

Overview

On the Authentication page, user access is set up to the server. Three types of authentication are supported:‌

  1. Built-in authentication (username + password)

  2. SAML SSO

  3. Google OpenID Connect (OIDC) / Google OAuth2

‌Built-in authentication

Built-in authentication is enabled by default.‌ In this configuration, a new user can only sign up to the VPC via the signup links provided by the admins. This allows admin control over who can sign up to the Code Ocean VPC.‌

SAML SSO and Google OpenID Connect (OIDC)

These two authentication methods allow an admin to use the client's existing identity provider to simplify sign-in to Code Ocean.‌

When configuring Google OIDC or SAML SSO, an admin can disable the built-in authentication method to require signups through the client's own identity provider This is considered a security best practice.‌

An admin can allow built-in authentication when using an identity provider to enable logins for users outside the client's company domain.‌

Code Ocean VPC supports Identity Provider (IdP) initiated SAML SSO. This allows an admin to add Code Ocean as an application in their organization portal for quick discovery and access by users.

Create New Configuration Authentication

Step 1: Choose your preferred authentication method

In the Admin Panel, you can view the three options with the Built-in authentication checked as the default option.

Select SAML SSO and OIDC to open the configuration form.

Once you choose SAML SSO or OIDC, the configuration form will appear with the steps for you to follow.

Step 2: Enable built-in authentication in addition to this provider.

You can decide if you want to enable the built-in authentication or not.

Step 3: SAML Assertion Consumer Service URL / OAuth2 callback URL

The information you need to provide to the identity provider’s configuration pages is indicated in the following step:

You can copy the value.

You need to provide:

  • ACS URL

  • Entity ID

You need to provide:

  • Authorized Javascript origins

  • Authorized Redirect URIs

Configuring google OAuth2

2. Choose OAuth client ID

3. Under application type select Web application

4. Provide Authorized Javascript origins and Authorized Redirect URIs

  • Under “Authorized javascript origins” click the “ADD URI” button

  • Under “Authorized redirect URIs” click the “ADD URI” button

5. Click the Create button at the bottom of the page

Step 4: Provide the following information from your identity provider

You will find the values to fill in step 4 on the identity provider’s configuration pages.

You need to find the following field on the identity provider's configuration pages:

  • Single Sign-on URL

  • Entity ID

  • x.509 Certificate

After the OAuth2 is created. Copy the text from Your Client ID and Your Client Secret textboxes to their respective fields (Client ID and Client Secret) in the admin dashboard step 4.

Enable the Configuration

Once all the steps are complete, click Enable at the bottom of the form to set the new Authentication method.

Switching Configuration Authentication

When you enter the Authentication page, the current authentication method is checked. To switch to a different method, select that method to bring up the configuration form.

Click Enable at the bottom of the form to change the authentication setting.

If that method is not configured, follow the above steps to set up the configuration.

If the method is configured, some fields will not display the values for security reasons. for example OpenID's Client Secret.

To switch back to Built-in authentication and disable the other two methods. Click Built-in authentication on Step1, then click Enable Built-in Authentication on step 2.

This will clear the existing configuration and reset it to the default built-in authentication method.

PreviousDeploying Private Docker Base ImagesNextSCIM Provisioning using Azure Active Directory

Was this helpful?

1. Go to and click the Create Credentials button

Google Cloud Platform