Does the DevLake UI support authentication and authorization?

[veetmoradiya3628]

Hi Devlake team,

Does DevLake support any native authentication or authorization methods? If so, could someone please guide me on the best way to utilize them?

[dosubot[bot]]

DevLake UI supports authentication, but its native options are limited. The most common method is Basic Authentication, which you can enable by setting the ADMIN_USER and ADMIN_PASS environment variables in your deployment. This creates an htpasswd file and protects the UI via nginx basic auth—see the relevant setup in the nginx configuration script.

If you need more advanced authentication (like OAuth2 or SSO), you can deploy DevLake behind an OAuth2 proxy (such as oauth2-proxy). The official Docker Compose setup includes an authproxy service that can be configured for providers like OIDC, Google, etc. This method secures the UI by requiring users to authenticate through your chosen identity provider before accessing DevLake—see the docker-compose example.

For cloud deployments with Tin, you can set a username and generate a password directly in the UI to enable Basic Auth and secure your instance—see the Tin setup guide.

DevLake does not currently support granular, role-based authorization natively in the UI. All authentication methods described above restrict access to the entire UI, not specific features or data.

Authentication for plugin/API connections (like GitHub, AWS, Bitbucket) is handled separately within each plugin’s configuration and does not control access to the UI itself.

If you need step-by-step guidance for a specific deployment scenario, let me know your environment and I can walk you through the setup.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}