Loft provides regular email+password based authentication but also integrates with a variety of external auth providers for single sign-on via the OpenID Connect protocol. You can even configure Loft to use multiple authentication providers if that is what you need.
- SAML 2.0
- Other Options
Authentication with username and password is enabled by default but you can also disable password-based authentication if you want to force users to use single sign-on (SSO).
When using password-based authentication, you have to manually add users either via the UI or via kubectl.
Create UserSTEP 2
Send Invite Link To User (optional)
If you did not specify a password for the user in step 1, Loft will automatically generate an invite link with a one-time access token for this user. If you send these invite links to your users, they will be logged in and asked to change their password.
After adding new users, don't forget to send them the Loft Onboarding Guide For New Users.