# Authentication options Out of the box, StackState is configured with [file-based authentication](/5.1/configure/security/authentication/file.md) with a [default username and password](/5.1/setup/install-stackstate/initial_run_guide.md#default-username-and-password). This authenticates users against a file on the server. However, this isn't a production-ready setup. For better security StackState can be configured to use exactly one of the following authentication mechanisms (replacing the standard admin user): * [File based](/5.1/configure/security/authentication/file.md) * [LDAP](/5.1/configure/security/authentication/ldap.md) * [Open ID Connect (OIDC)](/5.1/configure/security/authentication/oidc.md) * [KeyCloak (a specialized version of OIDC)](/5.1/configure/security/authentication/keycloak.md) {% hint style="info" %} * **Kubernetes** authentication configuration is part of the Helm chart, any changes will automatically triger a restart of the pods requiring that. * **Linux** authentication configuration is stored in the file `etc/application_stackstate.conf` in the StackState installation directory. Restart StackState for any changes made to this file to take effect. {% endhint %} ## User roles When a user has been authenticated permissions for that user are usually assigned based of the roles the user has. The documentation for the specific authentication mechanisms also contain examples on how to map the roles or groups from the external systems to the 4 standard roles of StackState: * **Guest** - able to see information but make no changes. * **Power User** - able to see and change all configuration and install StackPacks. * **Administrator** - able to see and change content of StackState. For example, see all configuration, install StackPacks, grant and revoke user permissions and upload (new versions of) StackPacks. * **Platform Administrator** - able to perform management of the StackState platform. For example, change data retention, clear the database, view logs and cache management. When deciding on the roles to assign your users, it's strongly advised to have only a small group of Platform Administrators and Administrators. For example, only the engineers responsible for installing StackState and doing the initial configuration. Administrator users can manage access to StackState and decide which StackPacks can be used. You can delegate installation of StackPacks and other fine-tuning of the configuration to a larger number of users with the Power User role. Platform Administrator users can clear the database, change data retention settings, view logs and perform other platform management tasks. It's also possible to add more roles, see the page [Roles (RBAC)](/5.1/configure/security/rbac/rbac_roles.md) and the other [RBAC documentation pages](/5.1/configure/security/rbac.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://archivedocs.stackstate.com/5.1/configure/security/authentication/authentication_options.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.