Tauffer-Consulting/domino

secure initialization

Closed this issue · 3 comments

I have a market of approximately 17,000 organizations, and I want to offer them a workflow orchestration interface similar to Domino as part of a SaaS application that generates, delivers, and publishes specialized analytics. This application will encapsulate a library of highly customized components written in Python, which includes data transformations and the production of visualizations, AI, and analytics. Additionally, the SaaS application will need to provide access to the visualization results. Therefore, I require an interface that not only allows access to these results but also enables the creation and monitoring of scheduled workflows that build the visualizations. Each client will require a continuously running, isolated instance for scheduling purposes. As a result, I will also need the capability to dynamically create a Domino instance per signup within my interface. I'm open to loading Domino in an iframe, and it would be smoother if I could integrate the access to Domino through an SSO mechanism. How closely does Domino align with this use case?

I'm excited about the potential of your project. Congratulations on your release, and I hope it achieves great success.

The Domino GUI appears to work in an iframe, so that's a good starting point. My use case would likely reserve the workflow management to a few users, while I could present the data garden outside of Domino to all of the users. Our interface could generate the dedicated Domino instance in Kubernetes on demand when signing up for advanced use. An option in our main menu could launch the Domino interface in the iframe. One useful option would be to specify the initial admin user and password when generating the instance so it's more secure. Two logins might be a bit awkward, but I can deal with it initially. Regardless, I think there's enough in here where I could start integrating the custom pieces needed to interface with our code.

To clarify the resolvable issue here, I'm seeking a more secure way to initialize Domino for publicly accessible endpoints. One useful option would be to specify the initial admin user and password when generating the instance.

I'll continue the discussion of my use cases in the discussion area. Thanks!

Hey @dave-killough thanks for opening this issue.

> One useful option would be to specify the initial admin user and password when generating the instance so it's more secure

We support editing the default ADMIN credentials by passing ADMIN_USER_EMAIL and ADMIN_USER_PASSWORD as env vars to the Domino REST API service. It is important to note that our default "ADMIN" user is just a default user automatically created by us at the platform startup; it does not have anything special in this case. You can even disable this user creation by passing CREATE_DEFAULT_USER as an env var to the REST API service as well.


> Two logins might be a bit awkward, but I can deal with it initially. Regardless, I think there's enough in here where I could start integrating the custom pieces needed to interface with our code.

If you already have credentials for your user, maybe you can use Domino REST to create a Domino user with the same credentials so you can automatically sign in and avoid the unnecessary second login, does that make sense?
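For the per-signup provisioning described in this thread, the following added example (not code from the Domino project) builds a Kubernetes Secret per tenant with a freshly generated admin password, so no instance starts with shared default credentials. Only the two env var names come from the reply above; the function names, Secret naming and namespace layout are assumptions.

```python
import json
import re
import secrets

# Env var names are taken from the maintainer's reply; the helper names,
# Secret name and namespace scheme below are hypothetical.
ENV_EMAIL = "ADMIN_USER_EMAIL"
ENV_PASSWORD = "ADMIN_USER_PASSWORD"

DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")


def tenant_slug(tenant_id: str) -> str:
    """Reduce a tenant id to a DNS-1123 label usable in Kubernetes names."""
    slug = re.sub(r"[^a-z0-9-]+", "-", tenant_id.lower()).strip("-")[:40].strip("-")
    if not slug or not DNS_LABEL.match(slug):
        raise ValueError(f"tenant id {tenant_id!r} has no usable characters")
    return slug


def admin_secret_manifest(tenant_id: str, admin_email: str) -> dict:
    """Build a per-tenant Secret holding a unique, random admin password."""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", admin_email):
        raise ValueError("admin_email does not look like an e-mail address")
    slug = tenant_slug(tenant_id)
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {
            "name": f"domino-admin-{slug}",
            "namespace": f"domino-{slug}",
        },
        # stringData lets the API server handle base64 encoding.
        "stringData": {
            ENV_EMAIL: admin_email,
            # 32 random bytes from the OS CSPRNG, URL-safe encoded.
            ENV_PASSWORD: secrets.token_urlsafe(32),
        },
    }


if __name__ == "__main__":
    # Constructed sample tenant; the password is masked before printing.
    manifest = admin_secret_manifest("Acme Corp #42", "ops@acme.example")
    manifest["stringData"][ENV_PASSWORD] = "<redacted>"
    print(json.dumps(manifest, indent=2))
```

The REST API container can then load both variables from this Secret with `envFrom` / `secretRef`, which keeps the password out of the Deployment spec and out of the provisioning logs.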