Security

• Authentication
  • Multi-Factor Authentication
  • Configuring LDAP authentication
    • Connecting to a LDAP directory
      • Connection parameters
      • User mapping parameters
      • Group mapping parameters
      • On-demand provisioning
    • LDAP directory configuration templates
      • Standard LDAP directory using RFC2307 schema
      • Standard LDAP directory using RFC2307bis schema
      • Microsoft Active Directory
      • RedHat Identity Management and FreeIPA servers
    • Using secure LDAP connections
    • Managing users
    • Managing groups
  • Single Sign-On
    • Users supplier
      • Using SSO provisioning
      • Using an other external user source
      • Using local users
    • OpenID Connect (OIDC)
      • About OIDC
        • Glossary
        • Compatibility
        • OIDC features supported by DSS
        • How OIDC looks like with DSS
      • Setup OIDC in DSS
        • Registering a service provider entry for DSS on the identity provider.
        • Configuring DSS for OIDC authentication.
          • IDP configuration
          • OIDC Client configuration
          • Examples of scopes by IDPs
        • Mapping to the DSS user
        • User Supplier
        • Testing OIDC SSO
    • SAML
      • About SAML
        • Compatibility
      • Setup SAML in DSS
        • Registering a service provider entry for DSS on the identity provider.
        • Configuring DSS for SAML authentication.
          • Optional: configuring signed requests
        • Choosing the login attribute
        • Login remapping rules
        • User Supplier
        • Testing SAML SSO
      • Troubleshooting
        • Assertion audience does not include issuer
        • Response is destined for a different endpoint
        • DSS would not start after configuring SAML SSO
        • Login fails with “Unknown user <SOME_STRING>”
        • No acceptable Single Sign-on Service found
    • SPNEGO / Kerberos
      • Keytab mode
      • Custom JAAS mode
      • Login remapping rules
      • Configuring SPNEGO SSO
      • Troubleshooting
  • Azure AD
    • Configuration
      • Azure portal
      • DSS security settings
        • Connection credential
        • User Mapping
        • On-Demand Provisioning
        • User Profiles
        • Testing
    • Troubleshooting
  • Custom Authenticator and/or User Supplier
    • Packaging the plugin
    • DSS security settings
  • Authentication and user provisioning
  • Supported authenticators and user suppliers
    • Authenticators
    • User suppliers
  • Mapping profiles and groups
  • Synchronizing user attributes
  • Advanced functionalities
    • Supporting multiple authenticators and user suppliers
    • Example scenarios
      • Situation 1: Alice connects to DSS
      • Situation 2: Bob connects to DSS
      • Situation 3: Charlie connects to DSS
• Project Access
  • Discoverable projects
  • Private projects
  • Access Requests
    • Initiating a project access request
    • Managing a project access request
• Main project permissions
  • Per-project group permissions
    • Admin
    • Read project content
    • Write project content
    • Publish to Data Collections
    • Publish on workspaces
    • Export datasets
    • Run scenarios
    • Read dashboards
    • Write dashboards
    • Manage authorized objects
    • Manage shared objects
    • Execute app
  • Project owner
  • Project visibility
  • Per-project single user permissions
  • Sharing project via email
  • Global group permissions
    • Projects creation
    • Workspaces
    • Data Collections
    • Code execution
    • Code envs & Dynamic clusters
    • Advanced permissions
    • Write unisolated code: details
      • Regular security mode
      • User isolation enabled
  • Multiple group membership
• Connections security
  • Securing access to connections
  • Reading details of a connection
  • Per-user credentials for connections
  • Personal connections
• User profiles
• Shared objects
  • Quick and managed sharing
  • Sharing objects between projects via managed sharing
  • Sharing objects between projects via quick sharing
  • Permissions on shared objects
    • Dataset
    • Managed folder
    • Saved model
    • Other objects
  • Initiating an object-sharing request
  • Managing an object-sharing request
• Authorized objects
  • Scope
  • Adding objects to “Authorized objects” list
  • Details by object type
    • Dataset
    • Saved model
    • Managed folder
    • Jupyter notebook
    • Web app
    • Scenario
• User secrets
  • Entering user secrets
  • Using user secrets
    • Python
    • R
• Audit Trail
• Govern Security: Roles and Permissions
  • User actions
  • Roles Assignment
    • Roles Assignment Rules
      • User & API Keys selection
      • Criteria
    • Roles Inheritance
      • Blueprint Inheritance
      • Artifact Inheritance
  • Permissions
    • Artifact Permissions
      • Configuration per Role
      • Configuration for Everyone
    • Blueprint and Blueprint Version Permissions
• Passwords security
  • Local passwords database or not
  • Passwords complexity
  • Encryption of the local passwords database
  • 3rd party system credentials
• Advanced security options
  • Hiding error stacks
  • Hiding version info
  • Using secure cookies
  • Expiring sessions
  • Forcing a single session per user
  • Restricting visibility of groups and users
  • Redirecting to a custom URL after logout
  • Example general-settings.json file
  • Restricting exports
  • Setting security-related HTTP headers
  • Allowing DSS to be hosted inside an iframe
  • Prevent links to be clickable in data tables
  • Allowing DSS users to edit their display names and emails