Use BasicAuth *instead* of Metabase's authentication

I would like to use BasicAuth instead of Metabase’s authentication system.

Concretely, a user would go to, Apache would prompt for BasicAuth credentials and once the user is vetted, would forward the request to Metabase along with something like “ {This request} is from {Alice}. No need to check her credentials because I have already vetted her”.

Question: Is this something Metabase can do? If so, in which flavour (OS, Entreprise)?

I am aware there is an option for SAML in the Enterprise version. I am looking for BasicAuth specifically.

Hi @ebosi
From what I know, you would have to roll your own authentication system, which would then inject session key after the BasicAuth vetting. It’s a lot of play with reverse-proxy, scripts and perhaps API requests to generate sessions on-the-fly inside the proxy request (think Nginx might be able to do some of it with Lua script module).
It would probably be easier to setup LDAP and connect that in Metabase.

Thanks for your answer.

The reason I’ve asked is because we already have this authentication system (so we’d have only one system to manage users/credentials). So we’d really like to use this instead of LDAP (especially as we wouldn’t have all potential users on LDAP).

@ebosi You might wanna have a look at this too - there’s multiple reasons why something like this will likely never get implemented:

1 Like

Thank you for the feedback!