Tunnel Authentication
Protect your tunnels with various authentication methods.
Basic Authentication
arm tunnel 3000 --basic-auth "username:password"
Visitors must enter credentials to access the tunnel.
OAuth/OIDC Authentication
Require users to authenticate with OAuth:
arm tunnel 3000 --auth --oauth-provider google
Supported providers:
- GitHub
- Microsoft
- Custom OIDC
SAML 2.0 (Enterprise)
Integrate with your identity provider:
arm tunnel 3000 --auth --saml-metadata https://idp.company.com/metadata
IP Whitelisting
Restrict access to specific IPs:
arm tunnel 3000 --ip-whitelist "192.168.1.0/24,10.0.0.1"
Combining Methods
Use multiple authentication methods:
arm tunnel 3000 \
--auth \
--oauth-provider google \
--ip-whitelist "10.0.0.0/8"
Authentication Flow
- User visits tunnel URL
- TunnelAPI checks authentication requirements
- User is redirected to login if needed
- After authentication, request is forwarded to your local server
Dashboard Configuration
Configure authentication in the web dashboard:
- Go to Tunnels → Your Tunnel → Settings
- Enable authentication
- Configure allowed users/domains
- Save settings