OIDC Config (OAuth 2.0)


Diffgram is well integrated with OIDC.

You can use any provider, for example: KeyCloak, Jump Cloud, AWS Cognito, etc. You can use your existing Keycloak installation or host your own.


Example OIDC implementations
Setting AWS Cognito on Diffgram
Setting Keycloak on Diffgram

AWS Cognito

Setting AWS Cognito on Diffgram


Setting Keycloak on Diffgram

  • Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers.
  • Keycloak has built-in support to connect to existing LDAP or Active Directory servers.

If you already have an existing installation of KeyCloak you can be up and running in moments with a default configuration.

Use Cases

  • Identity Platform Integration
  • Seperate user permission and resource usage concerns

For example, if you have files and tasks that are associated with a specific object, such as a customer of yours. For example some files may contain Personally Identifiable Information (PII). You may already have configured user roles and scopes regarding who can access these resources. Your data science team, and compute resources may have different requirements. This allows you to cross-cut concerns and shape appropriate machine learning projects, like "improve ABC" while maintaining the highest level of per file per user Authorization.

DataLake Example

When using Diffgram as your DataLake for Training Data you can maintain existing permission concepts by including metadata on files. This means your existing governance structure can live alongside your data. As predictions, new data, annotations, etc. flow in, the data catalog grows. Files are used, organized and curated while seamlessly maintaining compliance concerns.