Enabling User Authentication
Enabling user authentication on TigerGraph enforces access control, requiring users to identify themselves and ensuring that users can only perform actions allowed by their roles.
When the TigerGraph platform is first installed, user authentication is disabled. The installation process creates a gsql superuser who has the name
tigergraph and password
As long as this user’s password is
tigergraph, GSQL authentication remains disabled.
|It is strongly suggested that you at least change the default user password to enable GSQL user authentication. Not enabling GSQL authentication has the potential to give unauthorized users broad control over your database and the underlying system.|
Because there are two ways to access the TigerGraph system, either through the GSQL shell or through REST++ requests, there are two steps needed to secure your system with authentication enabled for both points of entry:
To enable user authentication for GSQL, change the password of the default user whose username
tigergraph to something other than
Log in to the GSQL shell as the default user
tigergraph. Since authentication is not enabled, entering
gsqlinto the Linux terminal under the TigerGraph Linux user will log you in as user
Run the following command to change the password, and enter the new password as prompted:
GSQL > ALTER PASSWORD
User authentication has been enabled. Exit the GSQL shell and try to reenter, and confirm that GSQL will now prompt for your password.
$ gsql Password for tigergraph : ********
To log in as a different user, use the
-uoption when you enter the GSQL shell. You can also supply the password in the same command with the
$ gsql -u newuser -p mypassword
To enable RESTPP authentication, set the
RESTPP.Factory.EnableAuth parameter to
As the TigerGraph Linux user, run the following command:Enabling REST++ SAML2.0 Authentication
$ gadmin config set RESTPP.Factory.EnableAuth true
Run the following commands to save the configuration and restart system services:Enabling REST++ SAML2.0 Authentication
$ gadmin config apply $ gadmin restart restpp nginx gui gsql -y
After enabling user authentication, the
/requesttoken endpoint becomes available for you to generate tokens used to authenticate your REST requests to the REST++ server.