Setting Up Native Authentication

This documentation is for Dash Enterprise.
Dash Enterprise is the fastest way to write & deploy Dash apps and
Jupyter notebooks.
10% of the Fortune 500 uses Dash Enterprise to productionize AI and
data science apps. Find out if your company is using Dash Enterprise.

To get the most out of this page, make sure you’ve read Using Keycloak.

With native Keycloak authentication, user information is stored in the Keycloak database and Keycloak acts as your identity provider. Your users log in and out through Keycloak.

We’ll help get you started by pointing out some important settings you may want to adjust and going over user management basics. We recommend reading the Keycloak documentation for a broader view of everything you can configure.

Configuring Realm Settings

Make sure you’re in the Dash realm, and then select Realm Settings.

Realm-level settings are displayed.

Login Settings

Go to Login to review settings related to user login.


Review the default settings and make any adjustments as you see fit for your organization. If you choose to not allow user registration, you’ll need to manually create users.

Note that if you are turning on Forgot password and Verify email, you’ll need to provide information about your email server in the Email settings.

Configuring Authentication

In the left sidebar, go to Authentication.

Required Actions

In Required Actions, you can customize what users are required to do before they can log in. To enforce a required action for all new users, turn on both Enabled and Default Action. Note that you can also set required actions for individual users by going to Users, selecting a user, and then configuring Required User Actions.

For descriptions of the required actions you may want to set, refer to Required Actions in the Keycloak documentation.


Some required actions make more sense depending on whether you turned on User registration in the Login settings:

Password Policy

By default, the Dash realm does not have a password policy. To set one, go to Password Policy. Refer to Password Policy Types in the Keycloak documentation for descriptions of the policy types in the Add policy list.

Optional: Creating Groups

Groups are a convenient way for app owners to give app co-ownership or viewer access to many users at once. If you choose to use nested groups (where parent groups have child groups as members), note that child groups do not automatically inherit app co-ownership and viewer access that an app owner gives to its parent group. For app owners to give app co-ownership or viewer access to a group containing child groups, they need to add each child group. Child groups are displayed in the format “Parent group/child group” in Dash Enterprise.

As an administrator, you can also use groups to assign roles to many users at once, but we note that we strongly recommend assigning the licensed_user role to users directly.

Tip: If you will be creating users yourself, we recommend setting up any groups you want first in order to easily set the membership at user creation time.

You can view, create, edit, and delete groups in the Groups menu.


Managing Users

You can view, create, edit, and delete users in the Users menu.


Tip: If you have integrated a user federation provider, Keycloak does not display the user list when you go to Users. To find existing users, use the search bar.

Creating a New User

To create a new user, select Add user; then fill out the user’s information.


Required User Actions is automatically filled with any required actions you set as default in the Authentication settings when you select Create, and additional settings become available.

Next, you’ll need to provide a way for the new user to log in.

If the user needs an admin or licensed_user role, you can assign it directly in their Role mapping, or you can add the user to a group that is mapped to the role they need.
Learn more in Roles and Permissions.