Console Setup

Before You Start

You must have HPE Machine Learning Data Management installed using one of the following guides:


  1. Set up your Proxy and DNS and point your browser to:
    • http://<external-IP-address-or-domain-name>:80 or,
    • https://<external-IP-address-or-domain-name>:443 if TLS is enabled
  2. Set up your IDP during deployment.
    You can use the mock user (username:admin, password: password) to login to Console when authentication is enabled but no Identity provider was wired (Enterprise).
  3. Configure your Identity Provider
    • As Part of Helm: To configure your Identity Provider as a part of helm install, see examples for the oidc.upstreamIDPs value in the helm chart values specification and read our IDP Configuration page for a better understanding of each field.
    • Manually via Values.yaml: You can manually update your values.yaml with oidc.mockIDP = false.
  4. Connect.

You are all set! You should land on the Projects page of Console.

Enterprise + Helm

When Enterprise is enabled through Helm, Auth is automatically activated. This means that you do not need to run pachctl auth activate; a pachyderm-auth Kubernetes secret is created which contains a rootToken key. Use {{"kubectl get secret pachyderm-auth -o go-template='{{.data.rootToken | base64decode }}'"}} to retrieve it and save it where you see fit.


  • If you run pachctl auth activate, the secret is not updated. Instead, the rootToken is printed in your STDOUT for you to save; the same behavior applies if you activate enterprise manually (pachctl license activate) and then activate authentication (pachctl auth activate).
  • You can set the helm value pachd.activateAuth to false to prevent the automatic bootstrap of auth on the cluster.