Basic Auth (Username / Password) Provider

This section explains how to configure Basic Authentication as an SSO provider in Localtonet using a username and password–based access model.

Basic Auth is useful for simple setups, internal tools, or cases where external identity providers are not required.

When Should I Use Basic Auth?

Basic Auth is recommended when:

  • You need quick protection without external providers

  • The tunnel is used by a small, controlled group

  • You want to define explicit usernames and passwords

  • External SSO (Google, GitHub, etc.) is not available or desired

For production and enterprise environments, external SSO providers are generally recommended.

Step 1: Add a Basic Auth Provider

  1. Open the SSO Providers section in your Localtonet account.

  2. Click Add Provider.

  3. Fill in the provider details:

    • Provider Name
      Any descriptive name (e.g. Basic Auth, Internal Access)

    • Provider Type
      Select Username / Password

  4. Toggle Active if you want the provider enabled immediately.

  5. Click Save.

At this point, the provider is created but has no users yet.

Step 2: Add Users to the Basic Auth Provider

  1. Expand the Details section of the provider.

  2. Under Users, click Add User.

  3. Enter:

    • Username

    • Password

  4. Repeat this step for each user that should have access.

If you change an existing username, you must provide a new password.

  1. Click Save after adding or updating users.

The credentials are securely stored and managed by Localtonet.

Step 3: Enable Basic Auth for an HTTP Tunnel

  1. Open the HTTP Tunnel Settings for the tunnel you want to protect.

  2. Navigate to SSO Providers → Manage.

  3. Enable SSO for this tunnel.

  4. Toggle Basic Auth (Username / Password) to enable it for the tunnel.

  5. Configure optional tunnel-level settings:

    • SSO Path(s) – paths that require authentication

    • Logout Path – logout endpoint

    • Allowed Domains / Emails / Usernames

  6. Click Save Changes.

What Happens Next?

When a user accesses the tunnel URL:

  1. The request is intercepted by the Localtonet authentication layer.

  2. The user is prompted to enter a username and password.

  3. Credentials are validated against the configured users.

  4. Access is granted or denied based on the result.

Your local service does not handle authentication.

Security Notes & Best Practices

  • Use strong, unique passwords for each user

  • Rotate passwords periodically

  • Remove unused users promptly

  • Prefer external SSO providers for sensitive or public-facing services

  • Use HTTPS-only tunnels when using Basic Auth

Limitations

  • No federation or identity sharing

  • Manual user management

  • No MFA support

Despite these limitations, Basic Auth remains a simple and effective solution for many use cases.