@Marvin With prefect 3 core (the self hosted version) is it possible to use/set-up single sign on of azure?

In Prefect 3.x, single sign-on (SSO) integration is a feature available for Prefect Cloud, particularly in its Enterprise plans. This integration supports identity providers through OIDC and SAML 2.0. Unfortunately, the self-hosted version of Prefect does not natively support SSO, as this capability is one of the additional features exclusive to Prefect Cloud. For more information, you can refer to the Prefect Cloud SSO documentation and the self-hosting documentation. If you need SSO for a self-hosted setup, you might need to explore custom solutions or consider leveraging Prefect Cloud for this feature.

@Marvin Any suggestions on how I set up a custom solution?

To set up a custom single sign-on (SSO) solution for a self-hosted Prefect 3.x instance, you might need to consider integrating with existing authentication systems using webhooks, custom API endpoints, or middleware. Here are some suggestions: 1. Custom Authentication Middleware: Implement a middleware in your Prefect server setup that intercepts requests and checks for valid SSO tokens or credentials against your Azure AD or another identity provider. This could involve using OAuth2 or OpenID Connect libraries in Python. 2. Webhooks and API Endpoints: Leverage Prefect's ability to handle webhooks and create custom endpoints that can manage authentication tokens. This might involve using Prefect's

CallWebhook

action from the

prefect.events.actions

module. 3. Prefect Client Customization: Use the

PrefectClient

class from the

prefect.client.orchestration

module to customize how the client handles authentication, possibly by integrating with an authentication service. 4. Azure AD Integration: Use Azure's SDKs or APIs to handle authentication and token management. You can then pass the valid tokens to your Prefect server for validation. While these steps provide a general direction, implementing a custom SSO solution will require a good understanding of both Prefect's architecture and your chosen identity provider's capabilities. You might also need to explore Prefect's server and API modules for further customization. For more detailed guidance, consulting Prefect's documentation and Azure's authentication documentation will be crucial.