In the modern IT environment, security has become a paramount concern. Traditionally, access control to critical systems was implemented at the user level through strict enforcement of lengthy, complex passwords that must be changed often. This has resulted in a massive duplication of credentials-based systems and has led to a complicated, brittle, user-toxic arrangement where, at best, a user is expected to maintain many different strong passwords and, at worst, a user becomes a vulnerability through poor password choice or password re-use.
Increasingly intelligent authorization through token-based standards has allowed access to a wide range of enhanced, cloud-based security and authorization solutions, implemented through APIs, for almost any application requirement. With the introduction of our External Authentication extension, Portainer is pleased to provide OAuth-based, industry-standard authentication as an enhancement to the open source Portainer CE toolset.
The External Authentication extension is designed to assist all users in securing access to the power of the Portainer CE toolset, without having to maintain a disparate list of users and passwords within the product. Prior to this extension, all user credentials needed to be manually updated as staff changed.
Additionally, in a corporate setting, manual synchronization between the credentials used within Portainer and the corporate security directory is cumbersome, and having to pre-create all accounts in Portainer is an operational burden at scale. With this extension, these issues are avoided, as is the creation of yet another username and password combination.
Multi-factor authentication has become table-stakes in securing access to software. MFA is the standard approach to validating that an actual authorised user is accessing a system. In the absence of MFA, systems (like Portainer) simply assume that use of a valid login name and password is proof of authorization. By implementing an OAuth-based external authorization extension, Portainer users can access any number of third-party MFA solutions.
The Portainer development team has implemented the OAuth open standard. OAuth has become the gold standard in identity validation. It's the standard that the internet uses across all modern applications, and it’s the standard that cloud providers use when creating SaaS applications.
With large numbers of organisations moving to either Office 365 or Google G Suite, many organizations are already OAuth enabled and already taking advantage of centralized identity management. While SAML, LDAP and Kerberos are still in use as alternative primary user authentication protocols, they are not built for large-scale distributed applications and cannot easily be consumed by 3rd party applications. As application landscapes change, these protocols are decreasing in use and popularity.
Please note that Portainer Version 1.20.2 (or later) is required to support the External Authentication extension.