Authentication
Configure authentication and user management.
Local Authentication
Default authentication with username/password stored in the database.
Create User
bash
# Via CLI
ops-atlas user create --username john --email john@example.com --role admin
# Via API
curl -X POST http://localhost:3000/api/v1/users \
-H "Authorization: Bearer $ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{"username": "john", "email": "john@example.com", "role": "admin"}'Roles
| Role | Permissions |
|---|---|
admin | Full access to all features |
developer | Deploy, view services, manage alerts |
viewer | Read-only access |
LDAP/Active Directory
yaml
auth:
provider: ldap
ldap:
url: ldap://ldap.example.com:389
base_dn: dc=example,dc=com
bind_dn: cn=admin,dc=example,dc=com
bind_password: ${LDAP_PASSWORD}
user_filter: (uid={0})
group_filter: (member={0})OAuth 2.0 / SSO
Google
yaml
auth:
provider: oauth
oauth:
provider: google
client_id: ${GOOGLE_CLIENT_ID}
client_secret: ${GOOGLE_CLIENT_SECRET}
allowed_domains:
- example.comGitHub
yaml
auth:
provider: oauth
oauth:
provider: github
client_id: ${GITHUB_CLIENT_ID}
client_secret: ${GITHUB_CLIENT_SECRET}
allowed_orgs:
- my-organizationAPI Keys
For programmatic access:
- Go to Settings → API Keys
- Click Generate New Key
- Set permissions and expiration
- Copy the key (shown only once)
bash
# Use in requests
curl -H "Authorization: Bearer ops_key_xxxx" \
http://localhost:3000/api/v1/servicesSession Management
Configure session behavior:
yaml
auth:
session:
timeout: 24h
max_sessions: 5
secure_cookies: true