> ## Documentation Index
> Fetch the complete documentation index at: https://laminarai-docs-lam-1778-self-host-access-control.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Hosting Options

Laminar can run on our managed cloud or be self-hosted.

## Managed (Laminar Cloud)

1. Sign up at [laminar.sh](https://laminar.sh).
2. Create a project.
3. Copy your project API key from project settings.
4. Set `LMNR_PROJECT_API_KEY` in your environment.

Next: start instrumenting your app by following the tracing entry point: [Tracing](/tracing/introduction).

## Self-hosted (Docker Compose)

Run the full Laminar stack locally with Docker Compose:

```bash theme={null}
git clone https://github.com/lmnr-ai/lmnr
cd lmnr
docker compose up -d
```

The dashboard is available at `http://localhost:5667/`. Create a project through the onboarding flow, then grab your API key from project settings.

### Point the SDK to your local instance

<Tabs items={['TypeScript', 'Python']}>
  <Tab title="TypeScript">
    ```typescript theme={null}
    import { Laminar } from '@lmnr-ai/lmnr';

    Laminar.initialize({
      projectApiKey: "<YOUR_PROJECT_API_KEY>",
      baseUrl: "http://localhost",
      httpPort: 8000,
      grpcPort: 8001,
    });
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    from lmnr import Laminar

    Laminar.initialize(
        project_api_key="<YOUR_PROJECT_API_KEY>",
        base_url="http://localhost",
        http_port=8000,
        grpc_port=8001,
    )
    ```
  </Tab>
</Tabs>

For production self-hosting options, see the [GitHub repository](https://github.com/lmnr-ai/lmnr).

### Access control

By default, a self-hosted instance accepts sign-in from anyone who can reach it. To require users to authenticate through an OAuth provider, set that provider's credentials. GitHub and Google are configured directly:

```bash theme={null}
AUTH_GITHUB_ID=your_github_oauth_app_id
AUTH_GITHUB_SECRET=your_github_oauth_app_secret

AUTH_GOOGLE_ID=your_google_oauth_client_id
AUTH_GOOGLE_SECRET=your_google_oauth_client_secret
```

Enterprise SSO providers (Azure Entra ID, Okta, Keycloak) are also supported through their own `AUTH_*` variables.

<Note>
  Configuring a provider controls *how* users sign in, not *who* can sign in: anyone with an account at that provider can still create an account on your instance. There is no built-in email allow-list.
</Note>
