Hello… Is there a playbook to implement authentication for Prefect Server similar to the experience you get in the cloud? I’m dealing with PHI data and I can’t have an open door to the console for everyone at my company
Zanie
01/21/2021, 5:02 PM
Hey Alex — we do not have a playbook for this because authentication is infrastructure specific & complicated. Our best-practice auth is implemented in Cloud but we can’t provide a similar solution in Server since we don’t own the infrastructure. That said, I know some people set up basic auth with Prefect Server so perhaps someone from the community will share some advice.
Not sure if it’ll yield anything but that’s the current focus
Zanie
01/21/2021, 5:11 PM
I’d recommend starting with a VPC that only allows whitelisted IPs (or a VPN) since you don’t have to touch any code to restrict access.
Alex Rud
01/21/2021, 5:14 PM
Yeah… there’s something like that already in place. Everyone on the VPN comes in as the same IP address, so while I can restrict access to my company, I can’t restrict access to specific individuals within the company.
Zanie
01/21/2021, 5:17 PM
Yeah that’s tricky. I don’t think you’ll get to granular permissioning without some complicated changes to the code — handling auth in Cloud is one of the more complex things we do.
Jeremiah
01/21/2021, 7:48 PM
@Alex Rud it may be worth mentioning that Prefect Cloud was designed for users working with sensitive data (in healthcare and finance) - in case you’d like to explore the hosted offering.
Alex Rud
01/21/2021, 7:53 PM
Is there any information on what the BAA process/HIPAA compliance is? Without doing too much of a deep dive, off the bat I would see a concern with logging, as I believe the log info would be stored in the Prefect Cloud and any sensitive information logged would be leaving our environment. I could be misunderstanding the architecture so would love to get more info/case studies to see if cloud really is an alternative.
Jeremiah
01/21/2021, 7:57 PM
Yup, I’d invite you to check out this case study for a sampling, and our team (sales@prefect.io) would be happy to walk through the process in any detail. We can also assist with disabling logs to Cloud, as that’s a common concern. For more details on data handling with the Hybrid Model please see this FAQ: https://docs.prefect.io/orchestration/faq/dataflow.html#when-is-data-persisted. Let us know if we can answer any questions - we’re here to support you, whichever route is best for you!