Authentication Tab

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Server Admins can set or change the site authentication mechanism. This is typically completed during the initial configuration of your Alation system, however, changes can be applied at any time.

On the Authentication tab, you can configure and test the parameters for LDAP authentication and select and save the authentication type. Starting in 2023.3, for Alation Cloud Service customers on the cloud native architecture, you can also manage OAuth client applications and rotate signing keys.

Alation supports the following types of authentication for logging into the Alation application:

  • Built-in this is the default authentication with a login and password created by a user. Users can sign up for an account on the login screen and log in after confirming their email.

  • LDAP requires configuration. You can configure LDAP authentication on the Authentication tab, test it, select LDAP as the active authentication method. For details about LDAP configuration, see User Authentication with LDAP.

  • SAML requires configuration and cannot be configured in Alation UI. Selecting and saving this value on the Authentication tab only serves informational purposes. SAML authentication should be configured and applied using the Alation backend. For details about SAML configuration, see Configure Authentication with SAML from Alation Shell.

User Signup Moderation Preference

Allows for turning signup moderation on and off. See Enable Signup Moderation.

Default User Role for New Accounts

Informs which role is currently the default. The default role is the role that all new users are assigned when they sign up for an account.

From release 2020.3, the default role can be configured. To set a default role, select a role from the role dropdown list and Save:

../../_images/AuthTab_03.png

The default role applies to all new users and all authentication methods (built-in, LDAP, or SAML):

  • New users who sign up using built-in authentication will be assigned the default role;

  • New users who log in using LDAP authentication will be assigned the default role;

  • New users who sign up using SAML authentication will be assigned the default role.

The default role assignment can be changed for each individual user on the Admin Settings > Server Admin > Users tab. See Manage Users.

Use Custom Groups to Manage User Suspension and Activation

From version 2021.1, it is possible to enable automatic suspension and activation of users accounts based on custom group membership. When this option is turned on, the default role and the User Signup Moderation Preference will be deactivated. For details, see Use Custom Groups to Assign User Roles.

OAuth Client Applications

Applies to 2023.3 and newer

Applies only to Alation Cloud Service on the cloud native architecture

In this section, you can create and edit OAuth client applications for the purpose of authenticating against Alation APIs. See Authenticate API Calls with OAuth 2.0 for more information.

Signing Keys

Applies to 2023.3 and newer

Applies only to Alation Cloud Service on the cloud native architecture

In this section, you can rotate signing keys for your OAuth client applications. See Rotate the Signing Key for more information.