@Marvin is there a way to add in a sign in page and authentication for prefect instances run on premise and not thru the cloud?

It appears that the Prefect documentation mainly focuses on cloud-based authentication and SSO. However, there are no clear resources or examples specifically for adding a sign-in page and authentication to on-premise instances of Prefect. Here are some findings: - Hosting a Prefect Server instance is straightforward, but there are no built-in features for sign-in pages or user authentication detailed in the current docs. Refer to the guide on hosting your own Prefect server: Host a Prefect server instance. - Prefect Cloud provides SSO integration for authentication, which implies that similar features might not be as readily available for on-premise setups without custom implementation: Single Sign-On (SSO). Unfortunately, there is no direct documentation or GitHub issue that details adding a sign-in page or handling authentication on self-hosted Prefect instances. You may need to handle authentication externally or custom-build it into your deployed Prefect instance. If you have specific requirements or additional questions, expanding the search or directly connecting with the Prefect community might be beneficial.

@Marvin so right now anyone with access to the ip and port can access my dashboard. how do i lock down the premise on-premise instance

It appears that there isn't direct documentation or detailed instructions for securing on-premise Prefect instances. However, based on standard practices, here are a few methods to secure your instance and restrict access to the dashboard: 1. Network Level Security: - IP Whitelisting: Restrict access to the Prefect dashboard by only allowing certain IP addresses. - VPN: Require users to connect via a VPN to access the Prefect server. 2. Reverse Proxy with Authentication: - Use a reverse proxy like Nginx or Apache to front your Prefect server. You can set up basic authentication or integrate with OAuth providers. 3. Kubernetes: - If running on Kubernetes, use Kubernetes RBAC to control access and integrate with secrets management systems. 4. Custom OAuth / SSO: - Implement an OAuth or SSO solution that suits your organization’s needs and integrates with your Prefect server. References: - Host a Prefect server instance - Object Access Control Lists These steps involve typical methods for securing web applications and should provide a good starting point for securing your on-premise Prefect dashboard. If our findings change or if we gather more specific information, we will update this response.