Overview
Nebuly uses two distinct authentication mechanisms depending on the type of access. End-user authentication is handled through your enterprise identity provider (Google, Microsoft, Okta) or built-in basic authentication. Users log into the Nebuly UI via SSO or basic authentication. Ingestion authentication uses API keys. Any service sending data (interactions, traces) to Nebuly must include a project API key in every request:Default admin user on first startup
On first startup, you should create an initial admin user through the Helm values underauth.
Configuring SSO for self-hosted deployments
SSO is configured at the infrastructure level via the Nebuly Terraform module. Pass your identity provider credentials as a module input and Terraform will automatically inject them into the generated Helm values. Supported providers:google, microsoft, okta.
terraform apply, re-run terraform output helm_values to pick up the updated values before upgrading the Helm chart.
Terraform module references:
AWS ·
Azure ·
GCP
If you do not use SSO, you can add members manually from the invite flow in Settings → Members. See Adding members manually.