Hello… Is there a playbook to implement authentication for Prefect Server similar to the experience you get in the cloud? I’m dealing with PHI data and I can’t have an open door to the console for everyone at my company
01/21/2021, 5:02 PM
Hey Alex — we do not have a playbook for this because authentication is infrastructure specific & complicated. Our best-practice auth is implemented in Cloud but we can’t provide a similar solution in Server since we don’t own the infrastructure. That said, I know some people set up basic auth with Prefect Server so perhaps someone from the community will share some advice.
Not sure if it’ll yield anything but that’s the current focus
01/21/2021, 5:11 PM
I’d recommend starting with a VPC that only allows whitelisted IPs (or a VPN) since you don’t have to touch any code to restrict access
01/21/2021, 5:14 PM
yeah… there’s something like that already in place, everyone on the VPN comes in as the same IP address, so while I can restrict access to my company, I can’t restrict access to specific individuals within the company
01/21/2021, 5:17 PM
Yeah that’s tricky. I don’t think you’ll get to granular permissioning without some complicated changes to the code — handling auth in Cloud is one of the more complex things we do.
01/21/2021, 7:48 PM
@Alex Rud it may be worth mentioning that Prefect Cloud was designed for users working with sensitive data (in healthcare and finance) - in case you’d like to explore the hosted offering.
01/21/2021, 7:53 PM
Is there any information on what the BAA process/HIPAA compliance is? Without doing too much of a deep dive, off the bat I would see a concern with logging, as I believe the log info would be stored in the Prefect Cloud and any sensitive information logged would be leaving our environment. I could be misunderstanding the architecture so would love to get more info/case studies to see if cloud really is an alternative