Admin superuser

The admin superuser role is assigned to the first user who logs into the Tracecat instance. This user owns the organization and has admin rights to every workspace in the Tracecat deployment.

Domain whitelist

To prevent unauthorized access to your Tracecat instance, you can configure a list of allowed domains for authentication. You can do this by setting the TRACECAT__AUTH_ALLOWED_DOMAINS environment variable. For example:

TRACECAT__AUTH_ALLOWED_DOMAINS=acme.com,acme.ai

Authentication Methods

In production, use OAuth or SAML SSO. Basic auth is meant for local development only.

Tracecat currently supports the following authentication methods:

  • basic: Email and Password
  • google_oauth: Google OAuth
  • saml: SAML SSO

Choose from a number of authentication methods listed below to get started.

Basic Auth

Email and password authentication.

Google OAuth

Learn how to authenticate into Tracecat using Google OAuth.

SAML SSO

Learn how to authenticate into Tracecat using SAML SSO.

Enable / Disable Authentication Methods

You can enable / disable multiple authentication methods in the .env file by modifying the TRACECAT__AUTH_TYPES environment variable. TRACECAT__AUTH_TYPES is a comma separated list of auth method keys: i.e. basic, google_oauth, saml.

TRACECAT__AUTH_TYPES=basic,google_oauth,saml
AWS ECS FargateBasic Auth