GitHub user dosubot[bot] edited a comment on the discussion: Does the DevLake UI support authentication and authorization?
<!-- Answer --> DevLake UI supports authentication, but its native options are limited. The most common method is Basic Authentication, which you can enable by setting the `ADMIN_USER` and `ADMIN_PASS` environment variables in your deployment. This creates an htpasswd file and protects the UI via nginx basic auth—see the relevant setup in the [nginx configuration script](https://github.com/apache/incubator-devlake/blob/main/config-ui/nginx.sh). If you need more advanced authentication (like OAuth2 or SSO), you can deploy DevLake behind an OAuth2 proxy (such as `oauth2-proxy`). The official Docker Compose setup includes an `authproxy` service that can be configured for providers like OIDC, Google, etc. This method secures the UI by requiring users to authenticate through your chosen identity provider before accessing DevLake—see the [docker-compose example](https://github.com/apache/incubator-devlake/blob/main/docker-compose-dev.yml). For cloud deployments with Tin, you can set a username and generate a password directly in the UI to enable Basic Auth and secure your instance—see the [Tin setup guide](https://github.com/apache/incubator-devlake/wiki/How-to-Set-Up-DevLake-with-Tin). DevLake does not currently support granular, role-based authorization natively in the UI. All authentication methods described above restrict access to the entire UI, not specific features or data. Authentication for plugin/API connections (like GitHub, AWS, Bitbucket) is handled separately within each plugin’s configuration and does not control access to the UI itself. If you need step-by-step guidance for a specific deployment scenario, let me know your environment and I can walk you through the setup. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fincubator-devlake).* --- Share context across your team and agents. Try [Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-tagline&utm_term=apache%2Fincubator-devlake). [](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-feedback&utm_term=apache%2Fincubator-devlake#message_id=3fb995d6-3d58-49c1-b4db-bc17a2747462) [](https://github.dosu.com/apache/incubator-devlake?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-learn-repo&utm_term=apache%2Fincubator-devlake) [](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-add-team&utm_term=apache%2Fincubator-devlake) GitHub link: https://github.com/apache/incubator-devlake/discussions/8694#discussioncomment-15679519 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
