Skip to main content

Owner

The owner (platform superadmin) role is assigned to the first account created with the TRACECAT__AUTH_SUPERADMIN_EMAIL email address. This account has admin rights to every workspace in the Tracecat instance.

Domain whitelist

To prevent unauthorized access to your Tracecat instance, you can configure a list of allowed domains for authentication. You can do this by setting the TRACECAT__AUTH_ALLOWED_DOMAINS environment variable. For example: 
TRACECAT__AUTH_ALLOWED_DOMAINS=acme.com,acme.ai

Authentication Methods

In production, use OIDC or SAML SSO. Basic auth is meant for local development only.
Tracecat currently supports the following authentication methods:
  • basic: Email and Password
  • oidc: OpenID Connect
  • saml: SAML SSO
Choose from a number of authentication methods listed below to get started.

Basic Auth

Email and password authentication.

OIDC

Learn how to authenticate into Tracecat using OpenID Connect.

SAML SSO

Learn how to authenticate into Tracecat using SAML SSO.