Authenticating with a Proxy

One way to accomplish single sign-on (SSO) in Humio is by using a reverse proxy in front of Humio. If that proxy has a way of knowing a proper username or user email or other unique user identifier, you can let the proxy decide what username the user gets access as inside Humio.

Make sure Humio is not accessible without passing through the proxy, as direct access to the Humio server in this configuration allows anyone to assume any identity.

Configure using:

ini files

The proxy must add a header with the username of the end user in the specified header. If the proxy leaves the header blank, the user does not get authenticated, and can thus only access shared dashboards.

Humio uses the Authentication header as transport from the browser to the Humio backend. It is thus not possible to use a proxy that also uses this header. This rules out using