Authentication and authorization
H2O AI Engine Manager (AIEM) authenticates every request through the platform-managed identity provider and authorizes it against workspace-scoped RBAC roles. This page explains how both mechanisms work so that administrators understand the security model and developers know how to authenticate their API calls.
Authentication
AIEM does not manage user accounts or credentials. Instead, it delegates authentication to the platform-managed identity provider through OIDC/OAuth2. Users authenticate once with the identity provider and pass the resulting access token on every AIEM request.
Token validation
AIEM validates every access token before processing a request:
- Signature verification — AIEM verifies the token signature using the identity provider's public keys. Supported RSA algorithms: RS256, RS384, and RS512.
- Expiration check — Expired tokens are rejected.
- Issuer verification — The token's
issclaim must match the configured OIDC issuer.
If validation fails, AIEM returns HTTP 401 (Unauthenticated).
How to pass the token
Pass the bearer token in the Authorization header on every request:
Authorization: Bearer <token>
This applies to REST API calls, the Python client, and curl.
Identity extraction
After validating the token, AIEM extracts the following claims:
| Claim | Purpose |
|---|---|
sub (subject) | Unique user identifier, stored as users/<subject>. |
| Display name claim | User's display name, shown in engine creator fields. |
| Role claim | OIDC roles from the identity provider, used for profile access restrictions (assigned_oidc_roles). |
AIEM derives identity from the token on every request. There is no session state and no separate account creation step and a user's identity is established on their first authenticated API call.
Authorization
After authentication, AIEM checks whether the caller has permission to perform the requested operation in the target workspace.
Workspace-scoped model
All AIEM permissions are scoped to a workspace. The same user can hold different roles in different workspaces, for example, DAI Engine Admin in a platform workspace and DAI Engine Reader in a project workspace.
On each request, AIEM:
- Determines the target workspace from the resource name (for example,
workspaces/my-project/daiEngines/abc). - Queries H2O AuthZ server whether the requesting user is allowed to perform this action in this workspace.
- Allows or denies the request based on the result from H2O AuthZ server.
If the user lacks the required permission, AIEM returns HTTP 403 (Permission Denied).
Authorization actions
Every AIEM operation requires a specific authorization action, for example actions/enginemanager/daiEngines/CREATE. The RBAC roles and permissions page lists every action and which roles include it.
Profile-level access control
In addition to RBAC roles, engine profiles can restrict access to specific OIDC roles. When assigned_oidc_roles_enabled is true on a profile, AIEM checks the user's OIDC roles (from the identity provider token) against the profile's assigned_oidc_roles list before allowing engine creation with that profile. See Profile access restrictions for details.
API authentication examples
REST API with curl
# Obtain a token from your identity provider, then:
curl -H "Authorization: Bearer $TOKEN" \
https://ENGINEMANAGER_URL/v1/workspaces/my-project/daiEngines
Python client
The Python client handles authentication through the login flow:
from h2o_engine_manager import login
client = login(
environment="https://cloud.h2o.ai",
token_provider=lambda: "your-access-token",
)
See Python client login for the full authentication setup.
Related topics
- RBAC roles and permissions — the nine built-in roles and the permissions each grants.
- Engine profile security configuration — profile-level OIDC role restrictions.
- Audit trail — how AIEM records the principal and action for every request.
- Submit and view feedback for this page
- Send feedback about AI Engine Manager to cloud-feedback@h2o.ai