This chapter covers two forms of authentication maintained by Plotly:
- dash-enterprise-auth, the authentication and authorization layer built
into Plotly’s commercial product, Dash Enterprise.
- dash-auth, a simple basic auth
If your company has licensed Dash Enterprise, then view authentication
documentation by visiting
<your-dash-enterprise-platform> with the hostname of your
licensed Dash Enterprise platform in your VPC)
Dash Enterprise provides
an authentication middleware
that is configured by your administrator.
This authentication middleware connects to your
organization’s LDAP or SAML identity provider
(e.g. Active Directory, Ping Federate, Okta), allows your end users to log in
with SSO, verifies if the user has permission to view the application,
and then passes along user information like their username or group.
Once Dash Enterprise is installed, no extra configuration is required
on the application layer.
The dash-enterprise-auth package provides the API to access the username
of the viewer of your Dash application. Use this username to apply
conditional logic depending on who is logged in, or pass it to
your API or database calls (row level security).
Dash Enterprise will automatically implement app authorization if your
Dash app’s privacy
is set to Restricted (the default setting)
or Authorized, but not if it is set to Unauthorized.
dash-enterprise-auth in an Existing Dash App
If you have previously deployed your Dash app to your Dash Enterprise,
dash-enterprise-auth to your
dash-enterprise-auth includes the method
create_logout_button which allows you to
add a logout button to your app’s layout and it also includes three other methods,
get_kerberos_ticket_cache (only applicable for
certain server configurations), which provide information about the app’s viewer and so
must be called from within callbacks.
The example below demonstrates how to use these callbacks. Note that in order to use
create_logout_button locally you will have to set an environment variable called
DASH_LOGOUT_URL. You can do this by running your code with
DASH_LOGOUT_URL=plot.ly python app.py.
As a Dash developer, you hardcode a set of usernames and passwords in your
code and send those usernames and passwords to your viewers.
There are a few limitations to HTTP Basic Auth:
- Users cannot log out of applications
- You are responsible for sending the usernames and passwords
to your viewers over a secure channel
- Your viewers cannot create their own account and cannot change their
- You are responsible for safely storing the username and password pairs in
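The secure-channel and storage limitations above follow from how a Basic Auth check works. The sketch below is an added example, not code from dash-auth or the original page. It uses only the Python standard library, and the function names, the sample account and the PBKDF2 iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password, salt=None):
    """Return (salt, digest) so the plaintext password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

# Constructed sample account; real pairs would be provisioned out of band.
USER_STORE = {"alice": hash_password("correct horse battery staple")}
_DUMMY = hash_password("placeholder")  # hashed for unknown users to even out timing

def make_basic_header(user, password):
    """What a browser sends on every request: base64, which is not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def parse_basic_header(header):
    """Decode 'Basic <base64(user:password)>' to (user, password), else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # passwords may contain ':'
    return (user, password) if sep and user else None

def is_authorized(header, store=USER_STORE):
    """True only for a well-formed header whose password matches the stored hash."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    user, password = creds
    record = store.get(user)
    salt, expected = record or _DUMMY
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; unknown users always fail.
    return hmac.compare_digest(candidate, expected) and record is not None
```

Because the header is only base64-encoded and is resent with every request, anyone who can read the traffic can recover the password unless the app is served over TLS.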
Logging in through Basic Auth looks like this: