|
1 | 1 | #Authentication |
2 | 2 |
|
3 | | -By default, Coder is accessible via password authentication. |
| 3 | +By default, Coder is accessible via password authentication. Coder does not |
| 4 | +recommend using password authentication in production, and recommends using an |
| 5 | +authentication provider with properly configured multi-factor authentication |
| 6 | +(MFA). It is your responsibility to ensure the auth provider enforces MFA |
| 7 | +correctly. |
4 | 8 |
|
5 | 9 | The following steps explain how to set up GitHub OAuth or OpenID Connect. |
6 | 10 |
|
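Review bot: the new paragraph says password authentication is not recommended in production but does not tell the reader whether configuring GitHub OAuth or OIDC (the steps that follow) turns the password login path off or leaves it active alongside the provider; if the built-in password login stays available, the MFA recommendation is weakened, so this paragraph should state that explicitly and point to the setting or procedure that disables password login, if one exists. Wording nit: "Coder does not recommend using password authentication in production, and recommends using an authentication provider" repeats "recommend"; something like "Coder recommends against password authentication in production; use an authentication provider with properly configured multi-factor authentication (MFA) instead" reads more cleanly.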
@@ -46,6 +50,10 @@ CODER_OAUTH2_GITHUB_ALLOW_EVERYONE=true |
46 | 50 |
|
47 | 51 | Once complete, run`sudo service coder restart` to reboot Coder. |
48 | 52 |
|
| 53 | +>We recommend requiring and auditing MFA usage for all users in your GitHub |
| 54 | +>organizations. This can be enforced from the organization settings page in the |
| 55 | +>"Authentication security" sidebar tab. |
| 56 | +
|
49 | 57 | ##GitLab |
50 | 58 |
|
51 | 59 | ###Step 1: Configure the OAuth application in your GitLab instance |
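Review bot: the MFA note is scoped to "all users in your GitHub organizations", but the hunk's context line shows `CODER_OAUTH2_GITHUB_ALLOW_EVERYONE=true`, under which accounts outside any allowed organization can also sign in, and organization-level MFA enforcement does not cover those accounts at all; the note should say that org-enforced MFA only protects sign-in when access is restricted to allowed organizations, and that with allow-everyone enabled there is no equivalent control on the GitHub side. Minor: consider naming the exact setting (GitHub's "Require two-factor authentication" checkbox) so the reader can find it, since GitHub's UI uses the term two-factor rather than MFA.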
@@ -76,6 +84,12 @@ CODER_OIDC_CLIENT_SECRET="G0CSP...7qSM" |
76 | 84 |
|
77 | 85 | Once complete, run`sudo service coder restart` to reboot Coder. |
78 | 86 |
|
| 87 | +>We recommend requiring and auditing MFA usage for all users in your GitLab |
| 88 | +>organizations or deployment. This can be enforced for an organization from the |
| 89 | +>organization settings page in the "Permissions and group features" section. |
| 90 | +>For deployments, this can be enforced in the Admin area, under the "Settings > |
| 91 | +>General" sidebar tab in the "Sign-in restrictions" section. |
| 92 | +
|
79 | 93 | ###Additional Notes |
80 | 94 |
|
81 | 95 | GitLab maintains configuration settings for OIDC applications at the following URL: |
|
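Review bot: the note refers to "GitLab organizations" and an "organization settings page", but the settings path it cites, "Permissions and group features", is the GitLab group settings page, so the note should say "groups" to match GitLab's own terminology and avoid sending readers to look for a page that does not exist under that name. The instance-wide instruction (Admin area, "Settings > General", "Sign-in restrictions") is fine, but it would help to state that the group-level setting only covers group members, so deployments that accept OIDC sign-ins from users outside the group need the instance-wide enforcement to get full coverage.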