Authentication
Learn how to set up user authentication methods
Overview
On the Authentication page, user access is set up to the server. Three types of authentication are supported:
Built-in authentication (username + password)
SAML SSO
Google OpenID Connect (OIDC) / Google OAuth2
Built-in authentication
Built-in authentication is enabled by default. In this configuration, a new user can only sign up to the VPC via the signup links provided by the admins. This allows admin control over who can sign up to the Code Ocean VPC.
SAML SSO and Google OpenID Connect (OIDC)
These two authentication methods allow an admin to use the client's existing identity provider to simplify sign-in to Code Ocean.
When configuring Google OIDC or SAML SSO, an admin can disable the built-in authentication method to require signups through the client's own identity provider This is considered a security best practice.
An admin can allow built-in authentication when using an identity provider to enable logins for users outside the client's company domain.
Code Ocean VPC supports Identity Provider (IdP) initiated SAML SSO. This allows an admin to add Code Ocean as an application in their organization portal for quick discovery and access by users.
Create New Configuration Authentication
Step 1: Choose your preferred authentication method
In the Admin Panel, you can view the three options with the Built-in authentication checked as the default option.
Select SAML SSO and OIDC to open the configuration form.
Once you choose SAML SSO or OIDC, the configuration form will appear with the steps for you to follow.
Step 2: Enable built-in authentication in addition to this provider.
You can decide if you want to enable the built-in authentication or not.
Step 3: SAML Assertion Consumer Service URL / OAuth2 callback URL
The information you need to provide to the identity provider’s configuration pages is indicated in the following step:
You can copy the value.
You need to provide:
ACS URL
Entity ID
Step 4: Provide the following information from your identity provider
You will find the values to fill in step 4 on the identity provider’s configuration pages.
You need to find the following field on the identity provider's configuration pages:
Single Sign-on URL
Entity ID
x.509 Certificate
Enable the Configuration
Once all the steps are complete, click Enable at the bottom of the form to set the new Authentication method.
Switching Configuration Authentication
When you enter the Authentication page, the current authentication method is checked. To switch to a different method, select that method to bring up the configuration form.
Click Enable at the bottom of the form to change the authentication setting.
If that method is not configured, follow the above steps to set up the configuration.
If the method is configured, some fields will not display the values for security reasons. for example OpenID's Client Secret.
To switch back to Built-in authentication and disable the other two methods. Click Built-in authentication on Step1, then click Enable Built-in Authentication on step 2.
This will clear the existing configuration and reset it to the default built-in authentication method.
Last updated