Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-22 22:17:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
ToolJet/docs/versioned_docs/version-3.0.0-LTS/user-management/authentication/self-hosted/overview.md
Pratik Agrawal 1ba4a2ed88
[docs]: Platform Revamp (#11585) 
* Initial Structure Setup

* Add SMTP Configuration Content

* Add ToolJet Plan Content

* Update ToolJet Plan Docs

* Update SMȚP Configuration

* Add Organization Overview

* Update SMTP Cofig

* add licensing structure

* revert AppCard.jsx

* revert AppCard.jsx

* Revert AppMenu.jsx

* Revert Folders.jsx

* Revert ManageGroupPermissionResources.jsx

* revert mixins.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* add: white label doc

* Update overview

* add: instances and workspaces

* revert AppCard.jsx

* revert changes from EditVersionModal.jsx

* Revert Changes

* Delete Extra File

* fix: comments

* update interlink

* fix: multiple instance content

* tj deployment beta

* update tj deployment beta

* Update Email Server Beta

* Update Overview

* update setup email communication

* Update Licensing

* Update overview and self hosted docs

* Update self hosted beta

* Update Licensing

* minor improvments

* update link

* Update folder name

* minor updates

* Update Self Hosted

* Update Cloud and Overview

* Minor Updates and add Mailgun Screenshot

* Change beta folder structure and add sendgrid screenshot

* update setup tj folder

* Replicate changes to 3.0.0-LTS

* Add overview and onboard user structure in beta

* Add Overview for User Management and Access Control

* Add Invite User

* first draft - bulk invite, archive, self signup

* update: intance-workspace-whitelabelling

* fix: workspace-whitelable doc

* minor update in invite user

* Update Onboarding and Offboarding of Users - 03/01

* Add structure for authentication and rbac in beta

* update super admin file structure

* add super admin content

* Update overview page

* Overview for onboard and offboard user

* minor edit overview page

* Update Invite User

* Update Bulk Invite User

* updated archive user

* Update onboarding and offboarding

* Content Update

* Update Super Admin Structure

* Update Super Admin

* User Roles Content

* Custom Groups Content

* Granular Access Control [WIP]

* Add SSO Structure

* github sson 1

* github sso

* Google SSO

* ldap

* grammatical improvement

* Feedback Updates 1

* complete RBAC

* sso update

* SSO LDAP SAML OIDC

* OIDC Setup

* Google OIDC

* Update LDAP and SAML Intro

* Update Profile Management Structure

* Update Access Control Docs

* Update Custom Groups

* feat: authentication

* OIDC - Okta

* feat: cloud auth

* fix: overview typo

* fix: selfhosted auth titles

* Group Sync Structure

* User Metadata

* [WIP] OIDC Group Sync

* OIDC Group Sync

* Update use case example in user metadata

* Remove password management section

* Update reset password

* add: retry limit in password login

* Docs feedback update

* OIDC Group Sync Docs

* oidc grp sync

* Custom Group

* access control

* Profile Management Structure

* edit user details and reset password

* profile settings

* Development Lifecycle Structure

* [WIP] Version Control

* [WIP] Rollback

* Update GitSync Structure

* WIP GitSync

* Copy GitSync from the Develop

* Update version control as per feedback

* wip: release

* release and rollback

* GitSync

* GitSync

* feat: self-hosted and cloud

* gitsync backup docs

* [WIP] GitSync

* GitSync Backup

* share app ideation

* Share Application

* WIP Audit Logs

* WIP Okta SAML

* wip - okta saml

* Okta SAML

* Audit Logs

* Git Push and Pull

* GitSync Backup

* Release Management

* GitSync Config

* gitsync custom branch

* Workspace Constants

* Workspace Variables

* Update License

* update: images and css classes

* update: images

* update: envs

* update: images

* Img Update till Invite User

* update: removed cloud from Dev Life cycle

* feat: custom domain

* fix: formatting - custom domain

* update: workspace doc

* metadata img update

* Images till Onboard and Offboard

* SSO Images

* Image Update GitSync

* fix: naming

* delete sql backup

* update: images

* Add ToolJet API

* Enhance Nav Bar

* Update development lifecycle overview

* update: images

* Nav Bar Update

* fix: feedback

* Update FAQ dropdown

* feedback update

* Content Update

* fix: images

* fix: platform overview image

* Update Grammar and Links till Onboard Users

* Fix links

* Update Self Singup Screenshot

* Fix interlinking

* Fix GitSync Interlinks

* update: interlinking

* Delete Old Docs Beta

* Delete Old Files from LTS

* Replicate Files in LTS

* Update Home Page

* fix workspace login link

* fix links

* Deploy ToolJet

---------

Co-authored-by: PriteshKiri <pritesh.d.kiri@gmail.com>
2025-03-06 16:12:09 +05:30

4.8 KiB
Raw Blame History

id title
overview Overview

Authentication in ToolJet ensures secure access to your applications and data.In self-hosted deployments, authentication can be configured at two levels:

  • Instance Level: Applies globally across all workspaces within the instance. Only the super admin can configure this.

  • Workspace Level: Overrides instance-level configuration for workspaces where it is applied. Both super admins and workspace admins can configure it.

Scenarios for Authentication Configuration

ToolJet supports flexible authentication setups, allowing instance-level, workspace-level, or a mix of both configurations. You can configure SSO or email-password login at both the levels. Below are common scenarios to guide your setup.

1. Only Instance-Level Login

Instance-level login configuration is a global setting that applies across all workspaces within a ToolJet instance.

Example: Imagine a company, Nexus Corp, that wants to build internal application with ToolJet for three departments: Marketing, Sales, and Engineering. To ensure better collaboration, they need to isolate the applications and data sources for each department. Since all these departments use the same login system as they belong to the same company, an instance-level configuration is suitable setup for this scenario. Heres how this can be set up:

  • Create three workspaces—one for each department: Marketing, Sales, and Engineering. This ensures the applications and data sources for each department remain isolated.

  • Since all workspaces belong to a single instance of the company, configure authentication at the instance level. For example, if the company uses Google Workspace, they can configure Google SSO at the instance level.

  • This allows users across all workspaces to log in using the same authentication system.

only instance level login

2. Only Workspace-Level Login

Workspace-level login allows individual workspaces to define their own authentication configurations, overriding the global instance-level settings. This approach is ideal for organizations with diverse authentication needs across departments or teams.

Example Consider a service-based company, Pixel Technologies Inc., that serves three client companies: GreenTech Ltd., BlueWave Corp., and EcoBuild Enterprises. To provide customized solutions, Tech Solutions Inc. have to isolate applications, users and datasource and access control configuration for each client company. In this scenario, service-based company can do the following setup:

  • Create a workspace for each client company: GreenTech Ltd., BlueWave Corp., and EcoBuild Enterprises. This ensures the applications and data sources for each client remain isolated.

  • Configure individual workspace-level login settings for each workspace. For example, GreenTech Ltd may use Google SSO, BlueWave Corp. may prefer Azure AD, and EcoBuild Enterprises might us both SAML SSO and a custom email-password authentication system.

only instance level login

3. Instance-Level and Workspace-Level Login (Mixed Configuration)

In this setup, some workspaces inherit the instance-level configuration, while others override it with workspace-specific login settings.

Example Consider a large company, Global Dynamics Ltd., with three departments: Marketing, Engineering, and HR. To ensure better collaboration, they need to isolate the applications and data sources for each department. Global Dynamics Ltd. wants to maintain a separate login for the applications related to the HR department to comply with strict security and compliance requirements. For the other departments, they prefer to use a common authentication at the instance level.

In such scenarios where company wants to implement a mixed authentication configuration, they can do the following setup.

  • Create three workspaces—one for each department: Marketing, Engineering, and HR. This ensures the applications and data sources for each department remain isolated.

  • The Marketing and Engineering workspaces can inherit the instance-level configuration. For instance, they use Google OAuth configured at instance level.

  • The HR workspace, due to compliance and security policies, requires isolated login settings. Thus configures workspace-level login settings, such as SAML authentication, which will override the instance level configuration.

only instance level login