Skip to content

Authentication

Authentication

koala can be configured to use local and a remote authentication mechanisms. Local accounts are saved in the database with hashed and salted passwords. Remote accounts can be authorized with LDAP or Single Sign-On via OpenId Connect, see Configuration. To allow a remote account to access koala it is nevertheless required to manually create a local account and assign appropriate permissions, see Permissions.

Functional accounts with permission=api must be created as local accounts.

Permissions

koala defines a set of permissions which restrict the access to different ui and api functions. Permissions are specified while creating or editing users via the ui.

The following permissions are available:

  • admin - grants the ability to access all ui functions
  • monitor - grants the ability to view the dashboard
  • api - grants the ability to execute all api functions
  • api_restricted - grants the ability to execute all api functions except deletion of assets and AIPs