livebook/docs/authentication.md

# Authentication

Livebook has three levels of authentication:

  * Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. If you are deploying your Livebook instances with [Livebook Teams](https://livebook.dev/teams), all instances include Livebook Teams authentication by default. You can also manually configure your Livebook instance to have their own authentication, see the "Airgapped Authentication" section.

  * Admin authentication: this authenticates access to Livebook admin interface, where users can create, write, and manage notebooks. Both password and token authentication are available. See the next section for more information.

  * Deployed notebook authentication: additionally, when deploying notebooks as applications, each application may be password protected with a unique password. Only users authenticated as admin or with the password will be able to access them.

## Admin authentication

Livebook's default admin authentication method is token authentication. A token is automatically generated at startup and printed to the logs.

You may optionally enable password-based authentication by setting the environment variable `LIVEBOOK_PASSWORD` on startup or deployment. It must be at least 12 characters.

To disable authentication altogether, you may set the environment variable `LIVEBOOK_TOKEN_ENABLED` to `false`.
Touch ups 2023-09-21 17:21:50 +08:00			`# Authentication`

ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`Livebook has three levels of authentication:`
Touch ups 2023-09-21 17:21:50 +08:00
Update docs around authentication 2024-11-08 14:58:57 +08:00			`* Instance authentication: this authenticates the user on all routes of your Livebook instance, including deployed notebooks and the admin section. If you are deploying your Livebook instances with [Livebook Teams](https://livebook.dev/teams), all instances include Livebook Teams authentication by default. You can also manually configure your Livebook instance to have their own authentication, see the "Airgapped Authentication" section.`
Touch ups 2023-09-21 17:21:50 +08:00
Split authentication into its own section 2024-04-23 05:00:18 +08:00			`* Admin authentication: this authenticates access to Livebook admin interface, where users can create, write, and manage notebooks. Both password and token authentication are available. See the next section for more information.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`* Deployed notebook authentication: additionally, when deploying notebooks as applications, each application may be password protected with a unique password. Only users authenticated as admin or with the password will be able to access them.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`## Admin authentication`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			`Livebook's default admin authentication method is token authentication. A token is automatically generated at startup and printed to the logs.`
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			You may optionally enable password-based authentication by setting the environment variable `LIVEBOOK_PASSWORD` on startup or deployment. It must be at least 12 characters.
Touch ups 2023-09-21 17:21:50 +08:00
ZTA revamp * Rename SessionIdentity to PassThrough and make it part of ZTA * Compute the ID at the Plug level, rather than ZTA level and avoid storing it twice * Stop the user "avatar" from flashing on initial render * Do not duplicate identity data inside user data, rather keep them distinct 2024-04-13 16:29:22 +08:00			To disable authentication altogether, you may set the environment variable `LIVEBOOK_TOKEN_ENABLED` to `false`.