Strategy to protect the Nomad UI?

The token based access method for the Nomad Web UI is a bit surprising. It encourages copy pasting and sharing of tokens. I would really prefer to hook it up to something like Okta or another directory service so that people can sign in with a username (or email) and password.

Has anyone done this? Where do I start? Looking through the documentation I don’t see much guidance.

1 Like

Hey @sadler , great news: Nomad 1.5 added support for SSO and OIDC methods generally.

Check out the Nomad + Vault OIDC tutorial and OIDC/auth-method Nomad documentation for more info.

1 Like

a hack could be … to put some sort of proxy (like HAProxy) which supports HTTP auth from a fixed list of username/password combinations.

NOTE: stress on the above idea being a hack!! :innocent: :pray: