Authentication
After installation, Coroot will prompt you to set a password for the admin user:
To prevent someone else from setting the admin password before you, you can specify the initial password using the
--auth-bootstrap-admin-password
CLI argument or the AUTH_BOOTSTRAP_ADMIN_PASSWORD
environment variable.
This initial password can be changed later through the UI.
Anonymous mode
To disable authentication, use the --auth-anonymous-role
CLI argument or the AUTH_ANONYMOUS_ROLE
environment variable,
setting it to one of the following roles: Admin
, Editor
, or Viewer
.
Reset admin password
To reset admin password, use the following command:
$ coroot set-admin-password
Enter new password:
Confirm new password:
Admin password set successfully.
Manage users
To manage Coroot users, go to the Project Settings, click on Organization:
To add a new user, click "Add user", fill out the form, and select a role.
The Coroot Community Edition includes three predefined roles: Admin
, Editor
, and Viewer
.
The Enterprise Edition allows you to create custom roles with granular permissions.
Single Sign-On (SSO)
Single Sign-On is available only in Coroot Enterprise (from $1 per CPU core/month). Start your free trial today.
Single Sign-On (SSO) feature streamlines user authentication by allowing team members to access the Coroot platform using a single set of credentials linked to an identity provider, such as Google Workspace, Okta, or other SSO solutions. With SSO, users no longer need to manage separate passwords for Coroot, enhancing both security and user experience.
Coroot's Single Sign-On (SSO) uses the SAML protocol, where Coroot acts as the service provider (SP). SAML allows users to log in through an identity provider (IdP) and access Coroot without needing separate credentials. This makes the login process easier and more secure by centralizing authentication through the IdP.
Setup SAML with Okta
-
Log in to the Okta portal.
-
Go to the Admin Console in your Okta organization.
-
Navigate to Applications > Applications.
-
Click Create App Integration.
-
Select SAML 2.0 as the Sign-in method.
-
Click Next.
-
On the General Settings tab, enter a name for your Coroot integration. You can also upload the logo.
-
On the Configure SAML tab:
-
For both Single sign on URL and Audience URI (SP Entity ID) fields use the https://COROOT_ADDRESS/sso/saml URL.
-
In the Attribute Statements section, configure
Email
,FirstName
, andLastName
attributes.
-
-
Click Next.
-
On the final Feedback tab, fill out the form and then click Finish.
-
Download Identity Provider Metadata XML using the
Metadata URL
:
Configure SAML authentication in Coroot
-
Navigate to the Project Settings > Organization > Single Sign-On (SAML) section.
-
Use the Upload Identity Provider Metadata XML button to upload the IDP metadata file that was previously downloaded.
-
Click Save and Enable.
-
Once Single Sign-On is enabled, Coroot will redirect your team members to the Identity Provider for authentication.
Each team member authenticated through the Identity Provider will be displayed in the Users list in Coroot, allowing you to manually change their roles.
Use http://COROOT_ADDRESS/login page and the admin user credentials to log in to your Coroot instance if you encounter any issues with SSO.