Authentication

Overview

The Cloud Portal authenticates with your SingleStore account using token-based secure authentication. This is then used across the Cloud Portal.

SingleStore provides a customer admin with the power to provision and control access within their organization and to take responsibility for who can see what, and when. Authentication is based on username and password. Password complexity can be set by the customer, however it must meet the requirements of the NIST 800-63B standard. All connections must be explicitly white-listed via IP address. Credentials are encrypted, and stored and managed within KeyCloak.

Federated authentication for the management portal supports SAML and OIDC delegation to a customer's IDP.

To combat authentication token replies from unauthorized endpoints, our SAML IDP acts as an intermediary to your IDP for our Cloud Portal. The login process makes use of a temporary code during the exchange that is invalidated once used, thus preventing reuse. In addition, access to the endpoints is protected by the aforementioned IP Address Allowlisting.