|
|
|
|
|
|
by Terretta
664 days ago
|
|
|
It's more than a little confusing to me the relationship or dependencies between h2o.ai, h2o-ai-cloud, and this Wave tooling. With that huge caveat, insofar as Wave for "Enterprise" seems to run on H2O AI Hybrid Cloud (though H2O.ai suggests an intent to run on-prem or air-gapped), the `h2o-ai-cloud` seems to handle authentication and authorization using an OpenID Connect (OIDC) provider like Keycloak, which should let you integrate with other services like SAML and LDAP. User roles look tied to OIDC access token claims, and what a user can see or do depends on their role, so in theory, they should only have access to what's appropriate. There are also some options for more granular control through IAM-like policies, but it looks like these are still in beta. Overall, it looks at the very least that enabling authentication and access authorization is not just an afterthought, assuming it's all set up right. https://h2oai.github.io/h2o-ai-cloud/adminguide/authorizatio... |
|
|