2022.04

Authentication

To enable Imply Hybrid (formerly Imply Cloud) Auth for your organization, contact your Imply account representative.

Imply Hybrid Auth provides secure authentication to Imply Hybrid through its built-in authentication service. You can enable one or more of the available built-in password policies or set up a new policy for your FreeOTP or Google Authenticator One-Time Password generator to validate one-time passwords.

This article describes how to use Imply Hybrid Auth to facilitate secure authentication to Imply.

Password policies

By default, new organizations do not have password policies associated with them. You can enable and customize password policies for users as required by the security policies of your organization.

To enable a password policy for your organization, follow these steps:

  1. In the User management console, select Authentication.
  2. Click the Password Policy tab.
  3. Click Add policy to expand the policy options, and select a policy from the list. For example, you can configure a policy with these requirements:
    • Expire passwords after 30 days
    • Must have at least one upper case character and one special character
    • Must be at least eight characters in length
    • Must not be a recently used password
  4. When finished, click Save.

This applies the settings throughout the organization. To configure policy settings at the user level, select the user first and then make the changes.

Password reset

To allow users to reset forgotten passwords, select Organization Settings from the left menu of the User management console. In the Login subtab, toggle the Forgot password switch. This surfaces the “Forgot Password” flow in the Imply Hybrid login screen.

Multi-factor authentication with one-time passwords

Multi-factor authentication (MFA) can significantly enhance user access security. Imply Hybrid Auth works with Google Authenticator and FreeOTP authenticator applications.

Imply Hybrid Auth has a number of policies you can set up for your FreeOTP or Google Authenticator One-Time Password generator. There are two different algorithms to choose from: Time Based (TOTP) and Counter Based (HOTP). Each algorithm comes with a set of configuration options.

To enable MFA with a one-time password policy, follow these steps:

  1. In the User management console, select Authentication.
  2. Open the OTP Policy sub-tab.
  3. For the OTP Type, choose counter-based tokens or time-limited tokens.
  4. Configure other settings based on your requirements, including the OTP hash algorithm, length of the token, and the look-ahead window, which sets a leniency period in case of a synchronization discrepancy between the token generator and server.
    The configuration options are as follows:
    • OTP Type: the type of the OTP.
    • OTP Hash Algorithm: the hashing algorithm used to generate the OTP.
    • Number of Digits: the number of digits in the OTP.
    • Look Ahead Window: the number of intervals or characters the server should look ahead.
    • OTP Token Period: (TOTP) the number of seconds an OTP token should be valid for.
    • Initial Counter: (HOTP) the value of the initial counter.
    • Supported Applications: applications that support the current OTP policy.
  5. Click Save to apply the configuration.
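
The following added example (not Imply's code) shows how the OTP Hash Algorithm, Number of Digits, OTP Token Period, and Look Ahead Window settings enter server-side validation of HOTP (RFC 4226) and TOTP (RFC 6238) codes. The function names are hypothetical, and how the window is applied (forward only for HOTP, either side of the current step for TOTP) is an assumption of this example, not documented Imply Hybrid Auth behavior.

```python
import hashlib
import hmac
import struct

# RFC 4226 published test secret; never use a known value in production.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """Compute the RFC 4226 HOTP value for a single counter."""
    digest = getattr(hashlib, algorithm)
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret, submitted, server_counter, look_ahead=1,
                digits=6, algorithm="sha1"):
    """Check counters server_counter .. server_counter + look_ahead.

    Returns the next server counter on success (so a used code cannot be
    replayed), or None if no counter in the window matches.
    """
    for counter in range(server_counter, server_counter + look_ahead + 1):
        expected = hotp(secret, counter, digits, algorithm)
        if hmac.compare_digest(expected, submitted):
            return counter + 1
    return None


def verify_totp(secret, submitted, now, period=30, look_ahead=1,
                digits=6, algorithm="sha1"):
    """Check the current time step and look_ahead steps on either side.

    A wider window tolerates more clock drift but keeps each code valid
    for longer: (2 * look_ahead + 1) * period seconds in this sketch.
    """
    step = int(now) // period
    for counter in range(max(step - look_ahead, 0), step + look_ahead + 1):
        expected = hotp(secret, counter, digits, algorithm)
        if hmac.compare_digest(expected, submitted):
            return True
    return False
```

The server and the authenticator app must agree on every one of these parameters; a mismatch in algorithm, digit count, or period makes all codes fail rather than weakening the check silently.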
Last updated on 4/20/2022