Authentication modes
This information applies to Lumi Enterprise.
Imply Lumi Enterprise supports two authentication modes that determine how users and roles are managed:
Amazon Cognito
Amazon Cognito is the default authentication mode for AWS deployments. Users log in with a Lumi Enterprise username and password. Users with the Admin role can create and manage user accounts in Lumi Enterprise.
External mode
In external mode, Lumi Enterprise delegates user management to an external identity provider (IdP). Users authenticate through single sign-on (SSO) using their IdP credentials. The Users page is not available in the Lumi UI since user management happens in the IdP. Roles are managed through a combination of group assignments in the IdP and role mapping in Lumi Enterprise.
External mode is required for non-AWS deployments.
To enable external mode, set auth_mode to external in main.tf.
Choose a mode
Use the following diagram to determine which mode is right for your deployment:
Learn more
See the following topics for more information:
- System admin user for details about the system admin user.
- Configure SAML SSO for Lumi Enterprise to configure SSO for external mode.