Skip to main content
Authentication in Alginte is optional and off by default, matching its localhost-first trust model. When Alginte is reachable by more than a single trusted operator, turn a login on.
Without a login and without a network boundary, anyone who can reach the UI has full control of every connected Kafka cluster. Enable a login or keep Alginte behind a reverse proxy with network allow-listing (ideally both).

Username / password

The simplest option is a single form-login account, set via environment variables (no profile required):
With these set, Alginte presents a login screen and requires the credentials before any cluster access.

OIDC (single sign-on)

Alginte also supports OpenID Connect login against an external identity provider (Keycloak, and other standard OIDC providers), with an allowlist controlling which authenticated users are admitted. This lets you delegate identity to your existing SSO instead of managing a local credential. See OIDC provider setup for the full guide: what to register at the provider, the property block, the mandatory allowlist, per-provider walkthroughs (Keycloak, Google, Microsoft Entra ID, Okta), reverse-proxy notes, and troubleshooting.

Logout

Once a login is enabled, the signed-in user is shown in the UI with a Sign out action that ends the session.