You can enable authentication in your datacenter with DC/OS oauth. Authentication is managed through the DC/OS web interface. The Admin Router enforces access control.

Out of the box DC/OS has an OpenID Connect 1.0 endpoint at (in cooperation with Auth0) with connections to Google, GitHub, and Microsoft to provide basic authentication for DC/OS installations. DC/OS automatically adds the first user that logs in to the DC/OS cluster.

DC/OS uses the JSON Web Token (JWT) format for its authentication tokens. JWT is an open, industry standard (RFC 7519) method for securely representing claims between two parties. JWTs are obtained using OpenID Connect 1.0, which is a simple identity layer built on top of the OAuth 2.0 protocol.

DC/OS OAuth provides an HTTP API for managing local users in a RESTful fashion.

Auth0 badge

Authentication HTTP API Endpoint

You can make external calls to HTTP API endpoints in your DC/OS cluster.

    Configuring Your Security

    For improved security, administrators can choose to configure their own Auth0 account or integrate directly with the OpenID Connect endpoints provided by Google, GitHub, Microsoft Accounts, Azure Active Directory and many others.

      Managing Authentication

      Authentication is managed in the DC/OS web interface.

        Adding Users Manually

        You can add users to your DC/OS cluster from a terminal by using the script.

          User Management

          Users are granted access to DC/OS by another authorized user. A default user is automatically created by the first user that logs in to the DC/OS cluster.