Arize AI Community Icon

Home
Events

Arize AX Releases
Arize AX Support
Arize News
Arize Observe
Discussions
Introductions
Phoenix Support

Powered by Tightknit

Phoenix Support

Phoenix Support

Disable Basic Auth After SSO Setup: Admin Account Access?

·Jun 19, 2025 06:59 PM

Once I have SSO working, I can turn disable basic auth by setting the environment variablePHOENIX_DISABLE_BASIC_AUTH=true . Does this prevent me from signing in with the admin account?

3 comments

· Sorted by Oldest

RunLLM
APP
·
Yes, setting PHOENIX_DISABLE_BASIC_AUTH=true disables password authentication entirely, including for the default admin account; only OAuth2/SSO logins will be allowed. You will not be able to sign in with the admin account using a password when this is set—admin access must be provisioned via SSO or pre-created users with OAuth2 credentials. According to the PR on OAuth2-only mode and the config documentation, this is the intended behavior.Would you like more detail on how to provision admin access or migrate existing users to SSO?Sources: - feat!: allow a oauth2 only mode - src/phoenix/config.py
💡 Hint: Mention RunLLM in the thread for followups.
Brandon B.
·
RunLLM yes please explain how I use an SSO account as admin.
RunLLM
APP
·
To use an SSO account as an admin, you must pre-create the user in Phoenix with admin privileges before SSO login if PHOENIX_OAUTH2_<IDP> _ALLOW_SIGN_UP=false or if basic auth is disabled. This is done by setting the PHOENIX_ADMINS environment variable at deploy time to a semicolon-separated list of username=email pairs; Phoenix will create admin users for each if they do not already exist. After the SSO user logs in for the first time, their role can also be changed to admin by an existing Phoenix admin via the UI or management API. See provisioning docs and authentication docs.Would you like a step-by-step example or more detail on user provisioning and role assignment?Sources: - authentication.md - provisioning docs
💡 Hint: Mention RunLLM in the thread for followups.