Overview of Oxy’s four authentication modes: Built-in, Cognito, IAP, and IAP Cloud Run
Oxy supports four authentication modes designed for different deployment scenarios.
Command: oxy serve --auth-mode built-in
Self-contained authentication with email/password and optional Google OAuth.
Command: oxy serve --auth-mode cognito
Enterprise authentication through AWS Cognito + Application Load Balancer.
Command: oxy serve --auth-mode iap
Zero-trust authentication via Google Identity-Aware Proxy.
Command: oxy serve --auth-mode iap-cloud-run
Cloud Run optimized IAP with enhanced container security.
Feature | Built-in (Recommended) | AWS Cognito | Google IAP | IAP Cloud Run |
---|---|---|---|---|
Setup Complexity | 🟢 Low | 🟡 Medium | 🔴 High | 🟡 Medium |
External Dependencies | ✅ None | ☁️ AWS Services | ☁️ GCP Services | ☁️ GCP Services |
Load Balancer Required | ❌ No | ✅ Yes (ALB) | ✅ Yes (GLB) | ❌ No |
Enterprise SSO | 🔸 Limited | ✅ Full Support | ✅ Full Support | ✅ Full Support |
Multi-factor Auth | 🔸 Basic | ✅ Advanced | ✅ Advanced | ✅ Advanced |
User Management | 📧 Email-based | 👥 Advanced | 👥 Google Workspace | 👥 Google Workspace |
Cost | 💰 Low | 💰💰 Medium | 💰💰 Medium | 💰💰 Medium |
Best For | Quick Start | AWS Ecosystem | GCP Enterprise | GCP Serverless |
Choose your authentication mode: