CloudBeaver Documentation


Authentication methods


CloudBeaver provides various authentication methods, configurable by administrators. These settings can be accessed and modified via Settings -> Administration -> Server Configuration, either during initial setup or at any later time.

CloudBeaver Community Edition authentication types

The Community Edition (CE) of CloudBeaver supports various types of authentication. Detailed information about each type is available in the sections below.

Anonymous access

This method allows users to interact with CloudBeaver without needing to authenticate. Further details can be found in the Anonymous access configuration article.

Local access

Local access requires users to authenticate using a username and password. Administrators create user accounts and assign roles to define user permissions. For more detailed information, see the Local access authentication article.

Reverse proxy access

This authentication method is based on HTTP request headers. For more detailed information, see the Reverse Proxy Header Authentication article.

CloudBeaver Enterprise Edition authentication types

In addition to the authentication methods supported by the Community Edition (CE), CloudBeaver Enterprise Edition (EE) offers a broader range of authentication options. For more detailed information on each method, please refer to the subsequent sections.

AWS IAM access

AWS IAM authentication allows logging in with IAM credentials, automatically assigning a 'User' role in CloudBeaver. For more details, see the AWS IAM article.

SSO access

SSO (Single Sign-On) authentication can be used for access to CloudBeaver EE. Once an SSO user is authorized to CloudBeaver instance, the appropriate user is created in the application with the User role by default (you can find more information about SSO authentication at Single Sign On article).


OpenID Connect (OIDC) authentication enables users to log in using credentials from an OpenID Connect identity provider, simplifying the login process across different services. For further details, please consult the OpenID authentication article.


AWS OpenID Connect (OIDC) authentication integrates with AWS Identity and Access Management (IAM) to enable signing in using an OpenID Connect identity provider. This approach allows for the secure delegation of permissions to AWS resources based on the identity established by the provider. For more information, please refer to the AWS OpenID authentication article.

Okta OpenID

Okta OpenID Connect (OIDC) authentication allows applications to authenticate users via Okta's OIDC provider. This process enables secure and streamlined user access to applications and services without requiring them to manage multiple passwords. For more information, refer to the Okta OpenID Authentication article.

Cognito OpenID

Cognito OpenID is a feature of Amazon Cognito that allows you to use Cognito as an OpenID Connect (OIDC) identity provider. By configuring Cognito as an OIDC provider, users can sign in to CloudBeaver using their existing accounts with OIDC identity providers. For more information, refer to the Cognito OpenID Authentication article.

Microsoft Entra ID

Microsoft Entra ID, previously known as Azure AD, is a service that allows you to use Microsoft's cloud-based identity and access management service as an identity provider. By integrating Microsoft Entra ID with CloudBeaver, users can sign in using their Microsoft accounts, leveraging Azure Active Directory (Azure AD) for authentication. For more details, please consult the Azure AD Authentication article.


Google Authentication is a method that allows users to sign in to CloudBeaver using their Google accounts. This integration leverages Google as an OpenID Connect (OIDC) identity provider, enabling users to authenticate with their existing Google credentials. For more information, refer to the Google Authentication article.


JWT (JSON Web Tokens) Authentication is a secure method to transmit information between parties as a JSON object. In the context of CloudBeaver, JWT authentication can be configured to verify the identity of users. For more information, refer to the JWT Authentication article.


NTLM (New Technology LAN Manager), is a suite of Microsoft security protocols used for user authentication and data protection in Windows networks. It operates on a challenge-response mechanism to verify user identity without transmitting passwords directly. For more information on configuration, refer to the NTLM Authentication article.

CloudBeaver Enterprise Edition for AWS

CloudBeaver Enterprise Edition for AWS offers compatibility with a range of authentication methods that facilitate integration with AWS services and other identity solutions. Below is the list of the supported authentication methods: