Kloudfuse Authentication Introduction

Kloudfuse provides multiple layers of authentication to secure access to your clusters and data pipelines.

SAML

SAML (Security Assertion Markup Language) enables users to access multiple applications with a single set of credentials. It is an interoperable standard that allows different systems and devices to work together.

How SAML works

  1. An identity provider (IdP) authenticates a user.

  2. The IdP passes an authentication token to a service provider (SP).

  3. The SP operates without performing its own authentication.

  4. The SP passes the user’s identity to integrate internal and external users.

SSO

SSO (Single Sign-On) is an authentication scheme that enables you to use a single set of login credentials to access any independent or federated software system. SAML supports SSO by enabling federated identity management.

How SSO works

  1. A user logs in to an application.

  2. They are automatically signed in to other connected applications, making it easier to manage multiple accounts.

See the following documentation:

Ingest Authentication

Ingest Authentication prevents unauthorized access to data ingestion points, ensuring that only trusted sources can send data to the Kloudfuse platform. It verifies the identity of a source using a unique token or credential before allowing data to flow into the system.

Login and Session Security

Kloudfuse supports configurable protections against brute force attacks and session hijacking. You can limit the number of login attempts, set account lockout periods, and enable Redis-based session cookie validation to prevent cookie reuse after logout.

You can also customize the login page using Go templates and oauth2-proxy to meet corporate branding or compliance requirements.

Database Credentials

Kloudfuse uses PostgreSQL for internal data storage. If your deployment requires externally managed database credentials, you can supply them through a Kubernetes secret.