- Google - Authentication is provided through a user’s Google Workspace account.
- GitHub - Authentication is provided through a user’s GitHub account.
- GitLab - Authentication is provided through a user’s GitLab account.
- Email - Authentication is provided through an email link sent to a user.
- Custom Identity Providers - An enterprise identity provider such as Okta or VMware One, which uses SAML or OIDC protocol. See Custom identity providers for more information.
- Google Cloud - With Google Cloud workload identity federation service accounts may be used to federate identity to Endor Labs. See Keyless authentication for more information.
- GitHub Action OIDC - With GitHub Action OIDC you can federate the identity of your workloads to Endor Labs. See Keyless authentication for more information.
- AWS Role - With AWS identity federation your can use the AWS ARN of the role acts as the identity of a machine user. See Keyless authentication for more information.
Session duration
The duration of the session token determines how long a user stays authorized in Endor Labs. At the end of the session duration, the user authentication is invalidated and requires reauthentication. The following table provides the session duration for various authentication providers. The default session token duration for Custom Identity Providers (IdPs) is 4 hours, provided no specific session duration is configured in your IdP. Endor Labs respects the session duration defined in your IdP, after which users must reauthenticate. For SAML-based integrations, you can set the session duration using theSessionNotOnOrAfter attribute. In OIDC, the token expiration claims (exp) control the session duration.
The maximum allowed session duration is 4 hours. If your IdP is configured with a session duration exceeding 4 hours, the session will automatically default to a 4-hour limit.