Hello… Is there a playbook to implement authentication for Prefect Server similar to the experience you get in the cloud? I’m dealing with PHI data and I can’t have an open door to the console for everyone at my company

Hey Alex — we do not have a playbook for this because authentication is infrastructure specific & complicated. Our best-practice auth is implemented in Cloud but we can’t provide a similar solution in Server since we don’t own the infrastructure. That said, I know some people set up basic auth with Prefect Server so perhaps someone from the community will share some advice.

Thanks Michael… The entry point into the server seems to be Apollo server so I started looking at something like this: https://www.apollographql.com/blog/setting-up-authentication-and-authorization-with-apollo-federation/

I’d recommend starting with a VPC that only allows white listed IPs (or a VPN) since you don’t have to touch any code to restrict access

yeah… there’s something like that already in place, everyone on the VPN comes in as the same IP address, so while I can restrict access to my company, I cant restrict access to specific individuals within the company

Yeah that’s tricky. I don’t think you’ll get to granular permissioning without some complicated changes to the code — handling auth in Cloud is one of the more complex things we do.

@Alex Rud it may be worth mentioning that Prefect Cloud was designed for users working with sensitive data (in healthcare and finance) - in case you’d like to explore the hosted offering.

Is there any information on what the baa process/hipaa compliance is? Without doing too much of a deep dive, off the bat I would see a concern with logging, as I believe the log info would be stored in the prefect cloud and any sensitive information logged would be leaving our environment. I could be misunderstanding the architecture so would love to get more info/case studies to see if cloud really is an alternative

Yup, I’d invite you to check out this case study for a sampling, and our team (sales@prefect.io) would be happy to walk through the process in any detail. We can also assist with disabling logs to Cloud, as that’s a common concern. For more details on data handling with the Hybrid Model please see this FAQ: https://docs.prefect.io/orchestration/faq/dataflow.html#when-is-data-persisted. Let us know if we can answer any questions - we’re here to support you, whichever route is best for you!