TransWikia.com

What are the ways to get authorized access to mlflow through Azure Active Directory?

DevOps Asked by stackuser on August 22, 2021

What are the ways to get authorized access to mlflow through Azure Active Directory?

Requirements:

  • I need to grant access to the mlflow web interface installed on a Ubuntu 16 Virtual Machine in Azure cloud to only allow authorized users.
  • Granting access will be done through group membership in Azure Active Directory.

One Answer

It looks like MLFlow doesn't natively support any authentication schemes and the recommendation is to use a reverse proxy such as Nginx to only forward requests to MLFlow if a valid authentication cookie is provided, redirecting any requests without a cookie or an invalid cookie back to the Identity Provider.

Azure AD Application Proxy

You can configure Azure AD Application Proxy to add authentication, although you will also need to protect MLFlow from unauthorised access by putting it in a virtual network or creating rules to only accept connections from Azure AD Application Proxy.

Used managed ML Flow in Azure

There is also the potential of using MLFlow that is part of Azure Databricks, which probably also includes authentication.

Nginx

There are complete instructions on setting this up on the Nginx for a generic application. In summary, however, you will need to:

  • configure Nginx as a reverse proxy
  • prevent access to MLFlow from anything other than Nginx
  • create an application in Azure Active Directory for Nginx
  • configure Nginx to look for the JWT token and validate it

You would also be able to use other products such as Google's Identity Aware Proxy and ForgeRock's Identity Gateway.

Answered by Richard Slater on August 22, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP