Authentication & Identity Providers

One of the preferred methods for handling authentication is to use Security Assertion Markup Language, using the SAML 2.0 protocol. To do this with LogScale Cloud, you'll first have to set up an authentication provider. However, user authentication for an organization is only available for paid customers. To upgrade, contact the LogScale Sales Department.

Assuming your organization is already an enterprise customer of LogScale, you may want to use an identity providers, which are covered in the next section.

Identity Providers & Other Methods

Although you can use LogScale for authenticating users, you can use instead an identity provider. Or you can use reverse proxy. These are all covered in the sections listed, linked, and described below.

SAML Authentication

Security Assertion Markup Language (SAML) is an open standard for authentication and authorizing data between applications. In LogScale, therefore, authentication can be delegated to an identity provider.

OpenID Connect

OpenID is an open standard, decentralized authentication protocol. You can learn how to use it with LogScale on the linked page.

LDAP Authentication

LogScale provides two ways to authenticate, using LDAP and fetch group membership.

OAuth Protocol

OAuth is an open standard that can grant applications and others clients access to LogScale without giving them your password. LogScale supports Google, GitHub, and BitBucket Sign-In.

Proxy Authentication

One way to accomplish single sign-on (SSO) in LogScale is by using a reverse proxy in front of LogScale. This linked page explains how this is done.

Blocked IPs and IP Ranges for Authentication

The following networks are blocked for use with IdP for security:

ini
# IPv4
# See https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
0.0.0.0/8          # RFC791 (https://www.iana.org/go/rfc791)
0.0.0.0/32         # RFC1122 (https://www.iana.org/go/rfc1122)
10.0.0.0/8         # RFC1918 (https://www.iana.org/go/rfc1918)
100.64.0.0/10      # RFC6598 (https://www.iana.org/go/rfc6598)
127.0.0.0/8        # RFC1122 (https://www.iana.org/go/rfc1122)
169.254.0.0/16     # RFC3927 (https://www.iana.org/go/rfc3927)
172.16.0.0/12      # RFC1918 (https://www.iana.org/go/rfc1918)
192.0.0.0/24       # RFC6890 (https://www.iana.org/go/rfc6890)
192.0.0.0/29       # RFC7335 (https://www.iana.org/go/rfc7335)
192.0.0.8/32       # RFC7600 (https://www.iana.org/go/rfc7600)
192.0.0.9/32       # RFC7723 (https://www.iana.org/go/rfc7723)
192.0.0.10/32      # RFC8155 (https://www.iana.org/go/rfc8155)
192.0.0.170/32     # RFC8880 (https://www.iana.org/go/rfc8880)
192.0.0.171/32     # RFC7050 (https://www.iana.org/go/rfc7050)
192.0.2.0/24       # RFC5737 (https://www.iana.org/go/rfc5737)
192.31.196.0/24    # RFC7535 (https://www.iana.org/go/rfc7535)
192.52.193.0/24    # RFC7450 (https://www.iana.org/go/rfc7450)
192.88.99.0/24     # RFC7526 (https://www.iana.org/go/rfc7526)
192.168.0.0/16     # RFC1918 (https://www.iana.org/go/rfc1918)
192.175.48.0/24    # RFC7534 (https://www.iana.org/go/rfc7534)
198.18.0.0/15      # RFC2544 (https://www.iana.org/go/rfc2544)
198.51.100.0/24    # RFC5737 (https://www.iana.org/go/rfc5737)
203.0.113.0/24     # RFC5737 (https://www.iana.org/go/rfc5737)
240.0.0.0/4        # RFC1112 (https://www.iana.org/go/rfc1112)
255.255.255.255/32 # RFC8190 (https://www.iana.org/go/rfc8190)

# IPv6
# See https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
::/128             # RFC4291 (https://www.iana.org/go/rfc4291)
::1/128            # RFC4291 (https://www.iana.org/go/rfc4291)
::ffff:0:0/96      # RFC4291 (https://www.iana.org/go/rfc4291)
64:ff9b::/96       # RFC6052 (https://www.iana.org/go/rfc6052)
64:ff9b:1::/48     # RFC8215 (https://www.iana.org/go/rfc8215)
100::/64           # RFC6666 (https://www.iana.org/go/rfc6666)
2001::/23          # RFC2928 (https://www.iana.org/go/rfc2928)
2001::/32          # RFC8190 (https://www.iana.org/go/rfc8190)
2001:1::1/128      # RFC7723 (https://www.iana.org/go/rfc7723)
2001:1::2/128      # RFC8155 (https://www.iana.org/go/rfc8155)
2001:2::/48        # RFC5180 (https://www.iana.org/go/rfc5180)
2001:3::/32        # RFC7450 (https://www.iana.org/go/rfc7450)
2001:4:112::/48    # RFC7535 (https://www.iana.org/go/rfc7535)
2001:10::/28       # RFC4843 (https://www.iana.org/go/rfc4843)
2001:20::/28       # RFC7343 (https://www.iana.org/go/rfc7543)
2001:30::/28       # RFC9374 (https://www.iana.org/go/rfc9374)
2001:db8::/32      # RFC3056 (https://www.iana.org/go/rfc3056)
2002::/16          # RFC3056 (https://www.iana.org/go/rfc3056)
2620:4f:8000::/48  # RFC7534 (https://www.iana.org/go/rfc7534)
fc00::/7           # RFC8190 (https://www.iana.org/go/rfc8190)
fe80::/10          # RFC4291 (https://www.iana.org/go/rfc4291)

In addition, multicast IPV4 addresses are also blocked for IdP:

ini
# Multicast IPv4 addresses
224.0.0.0/4

Last updated in v1.129.