Use Token as your Authentication Provider

Okteto defaults to token-based authentication to simplify the installation and configuration of Okteto self-hosted.

In this mode, Okteto automatically generates a token for an Admin user that you can use to log in to the Okteto UI and start exploring Okteto's features and functionality much faster than configuring other authentication methods. Other authentication methods can be more time-consuming and cumbersome to configure.

Once tou log in, you can also invite other users by generating an "Invitation Link" fron the Admin view. This option allows you to grant access to other users to continue your evaluation.

Once you've completed the product evaluation, we recommend switching to another authentication method for your final rollout. Token-based authentication is not ideal for production use of Okteto.

To use token-based authentication, remove the auth section of your Okteto Helm configuration file and upgrade your Okteto instance for the new configuration to be applied. Then, follow our post-installation notes to learn how to login to the Okteto UI and configure your Okteto CLI with a randomly generated token.

Retrieve a User's Token

Okteto generates "Invitation Links" in Token Auth mode to allow other users to log in to Okteto. When a user logs in to Okteto via the Invitation Link, a "Welcome screen" is presented showing the user's token. This token can be used to log in from the Okteto UI or using the Okteto CLI.

The "Welcome screen" prompts the user to store this token securely. In the event of losing this token, the cluster admin can retrieve the token of a given username by executing the following command:

kubectl get sa -l=dev.okteto.com/external-id=<username> -o=jsonpath='{.items[0].metadata.labels.dev\.okteto\.com/token}'