files/arthur-docs-markdown/platform-management/access-control-overview/index.md.txt

# Access Control Overview

Arthur has supports a variety of mechanisms for authentication, who a user is, and authorization, what a user can do
(RBAC).
By default, Arthur will use a built-in authentication and authorization system. In on-prem installations, cluster
administrators can optionally configure an external Identity Provider (IdP) to control user authentication and
authorization. See the sections below for an overview of Arthur Standard Access Control and Arthur SSO Access Control.

## {doc}`Arthur Standard Access Control <standard_access_control>`

The {doc}`Arthur Standard Access Control <standard_access_control>` page shows how to use the default access control
system in Arthur.

## {doc}`Single-Sign-On (SSO) Access Control <sso-access-control/index>` (On-prem only)

The {doc}`Single-Sign-On (SSO) Access Control <sso-access-control/index>` page shows how to set up and use an external
IdP for access
control.

## Access Control Paradigm Comparison

The following table shows a high level comparison of the different capabilities in
{doc}`Arthur Standard Access Control <standard_access_control>`
and {doc}`Arthur SSO Access Control <sso-access-control/index>`.

| Capability                                             | Arthur Standard Access Control | SSO Access Control         |
|--------------------------------------------------------|--------------------------------|----------------------------|
| User creation                                          | In the Arthur UI               | In the IdP                 |
| User sign-in                                           | In the Arthur UI               | In the IdP                 |
| User password reset                                    | In the Arthur UI               | In the IdP                 |
| Can use Arthur API Keys                                | Yes                            | No                         |
| Supports Custom Roles and RBAC                         | No                             | Yes                        |
| Users can have access to multiple Arthur organizations | Yes                            | Yes                        |
| Availability                                           | All Arthur installations       | On-prem only               |
| Required permissions to configure                      | Organization Admin             | Installation/Cluster Admin |

```{toctree}
:maxdepth: 2
:hidden:

Default Access Control <standard_access_control>
SSO Access Control <sso-access-control/index>
```