Server security and access configuration
In CloudBeaver, you can manage security and access on several levels. These settings let you control how users sign in, who can access the system, how database connections are secured, and how the server is protected on the network.
You can configure:
- Authentication - sign-in methods for users
- Access management - permissions and policies for accounts and teams
- Connection network options - encryption and tunnels for database connections
- Network and security settings - domains, proxies, certificates, and secure storage
- Additional security options - password recovery, credentials storage, provisioning, and restrictions
Authentication¶
Configure how users sign in. Choose local accounts, enterprise identity providers, or cloud-specific services.
- Anonymous access
- Local authentication
- LDAP
- SAML
- OpenID
- NTLM
- JWT
- AWS IAM
- Microsoft Entra ID, and others
Info
See Authentication methods for a full overview.
Brute force protection¶
CloudBeaver can protect against brute force attacks on both application login and database connections.
- Login protection - block users after several failed login attempts
- Connection protection - temporarily block the ability to connect after repeated failed attempts (for example, wrong database password)
Info
For more details, see Password policy
Access management¶
Control who can sign in and what they can do. Enforce password rules, assign permissions, and organize users into teams.
Connection network options¶
Secure database connections at the connection level. Enable SSL, set up SSH tunnels, and manage keys.
- SSL configuration - encrypt traffic with CA-signed or self-signed certificates
- SSH configuration - protect connections with SSH tunnels and key authentication
Network and security settings¶
Manage how the server is exposed on the network. Configure domains, proxies, TLS, and secure storage for sensitive data.
| Setting | Description | Reference |
|---|---|---|
| Domain manager | Configure a custom domain, and apply SSL certificates | Domain manager |
| Reverse proxy | Control and filter incoming traffic, enable auth via headers, offload TLS, enforce HTTPS, and configure multiple server URLs | Proxy configuration |
| Secret management | Store and retrieve credentials from providers like AWS Secrets or Vault | Secret providers |
| Java security properties | Override default JVM crypto properties for compliance and security policies | Java security properties |
Additional security options¶
CloudBeaver also provides extra security features that complement authentication, access control, and connection settings.
| Setting | Description | Reference |
|---|---|---|
| Password recovery | Restore access if the main password is lost | Admin password recovery |
| User credentials storage | Control how saved credentials are stored and protected | User credentials storage |
| Pre-configured permissions | Define default permissions for new database connections | Pre-configured permissions |
| User provisioning | Automate account creation and updates with provisioning systems | Provisioning users |
| Proxy header authentication | Authenticate users via trusted reverse proxy headers | Reverse proxy header authentication |