Understanding Proxied Authentication


RStudio's Professional products (RStudio Workbench (previously RStudio Server Pro), RStudio Connect, and Shiny Server Pro) all support proxied authentication.

Proxied authentication allows these tools to integrate with other Single Sign On (SSO) and Identity Access Management (IAM) tools that are not directly supported. 

A good place to start is this video:


The standard authentication process consists of 4 steps:


Normally, the RStudio product handles both authentication and access (step 2, step 3, and step 4 above). Proxied authentication allows the authentication process -  step 2 and step 3 - to be outsourced to a proxy server. The proxy server, in turn, can utilize a number of methods for certifying that a user is who they say they are.


Under proxied authentication, all RStudio products accept a secure HTTP header containing a key-value pair that identifies the user. The name of the key is set in the relevant product's configuration file. Once the user is authenticated and identified, a connection is established and they can proceed to work as normal. For RStudio Workbench, the identified user is mapped to a local user account and an RStudio session is started on their behalf. For RStudio Connect and Shiny Server Pro, the user is signed in as a named user and granted access to the content they're allowed to view.

For more details, please visit the relevant portions of the admin guides: