Can we automatically map users to teams based on our SSO?
Yes. When configuring the app in your Okta or AzureAD, you have the option to transmit additional user information, such as team affiliation, to Valohai. Valohai can then seamlessly map users to their corresponding teams within the platform. For detailed implementation guidance with your SSO, please reach out to our support team at support@valohai.com.
Can our organization require two-factor authentication (2FA)?
Yes. Organization administrators have the ability to mandate that all users within their organization must have two-factor authentication (2FA) configured. It’s important to note that before enforcing this organization-wide, you’ll need to enable 2FA for your own account from the Profile page. Here’s how:
- Navigate to the top-right menu (“
Hi, <name>
”) and select “Manage <organization>
”. - Go to “Settings” under the organization controls.
- Enable “Two-Factor Authentication” and save your changes.
- Users will be required to set up their MFA under their project settings at https://app.valohai.com/auth/.
Can I restrict user access to a project, machine type, or a data store?
Yes. In Valohai’s organization management, access control is based on three different levels: Organizations, Teams, and Users. Here’s how you can control access:
- Projects
- A project can be owned by a user, team, or an organization.
- You can add individual users as collaborators in the project settings, even if they are not part of your organization or team.
-
Ownership of projects can be transferred between organizations and teams in the project settings.
-
Environments
- Environments are typically owned by an organization by default.
-
Environment quotas allow you to specify which teams can launch jobs in specific environments and set the maximum number of machines of that type that they can run in parallel.
-
Data Stores
- Data stores can be defined at the project or organization level.
- Organization-level data stores can be shared with everyone in the organization or limited to specific teams.
How long is the API token valid for?
API tokens can be generated individually by each user. By default, these tokens do not expire. However, organization administrators have the flexibility to define a “Maximum API Token Lifetime” under the organization settings. Here’s how:
- Navigate to the top-right menu (“
Hi, <name>
”) and select “Manage <organization>
.” - Go to “Settings” under the organization controls.
- Set the “Maximum API Token Lifetime” according to your organization’s security requirements.