Access Control Overview#
Arthur supports a variety of mechanisms for authentication, who a user is, and authorization, what a user can do (RBAC). By default, Arthur will use a built-in authentication and authorization system. In on-prem installations, cluster administrators can optionally configure an external Identity Provider (IdP) to control user authentication and authorization. See the sections below for an overview of Arthur Standard Access Control and Arthur SSO Access Control.
Arthur Standard Access Control#
The Arthur Standard Access Control page shows how to use the default access control system in Arthur.
Single-Sign-On (SSO) Access Control (On-prem only)#
The Single-Sign-On (SSO) Access Control page shows how to set up and use an external IdP for access control.
Access Control Paradigm Comparison#
The following table shows a high level comparison of the different capabilities in Arthur Standard Access Control and Arthur SSO Access Control.
Capability |
Arthur Standard Access Control |
SSO Access Control |
|---|---|---|
User creation |
In the Arthur UI |
In the IdP |
User sign-in |
In the Arthur UI |
In the IdP |
User password reset |
In the Arthur UI |
In the IdP |
Can use Arthur API Keys |
Yes |
No |
Supports Custom Roles and RBAC |
No |
Yes |
Users can have access to multiple Arthur organizations |
Yes |
Yes |
Availability |
All Arthur installations |
On-prem only |
Required permissions to configure |
Organization Admin |
Installation/Cluster Admin |