--- layout: default navsection: installguide title: Set up web based login ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} Select one of the following login mechanisms for your cluster. # If all users will authenticate with Google, "configure Google login":#google. # If all users will authenticate using PAM as configured on your controller node, "configure PAM":#pam. # If you need to enable multiple authentication methods, or your backend can't be configured as a PAM service on your controller node, "configure a separate single sign-on (SSO) server":#sso. h2(#google). Google login With this configuration, users will sign in with their Google accounts. First, visit "Setting up Google auth.":google-auth.html Next, copy the values of *Client ID* and *Client secret* from the Google Developers Console into @Login.GoogleClientID@ and @Login.GoogleClientSecret@ of @config.yml@:
Login: GoogleClientID: "0000000000000-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.apps.googleusercontent.com" GoogleClientSecret: "zzzzzzzzzzzzzzzzzzzzzzzz"h2(#pam). PAM (experimental) With this configuration, authentication is done according to the Linux PAM configuration on your controller host. Enable PAM authentication in @config.yml@:
Login: PAM: trueCheck the "default config file":{{site.baseurl}}/admin/config.html for more PAM configuration options. h2(#sso). Separate single-sign-on (SSO) server With this configuration, Arvados passes off authentication to a separate SSO server that supports Google, LDAP, and a local password database. See "Install the Single Sign On (SSO) server":install-sso.html