How-to | Activate single sign-on (SSO)#

Upon request, the support team can activate single sign-on (SSO) for eligible subscriptions with the information detailed below.

To do so, you will need to:

  1. Create an application in your identity provider to connect with Dataiku’s service.

  2. Send the information so that Dataiku’s support team can set it up.

Create a Dataiku Cloud application in your identity provider#

  1. First, you need to create a Dataiku Cloud application in your identity provider. Please check the documentation of your identity provider. To do so you will need to provide the following information:

    • Single sign-on URL: https://sso.dataiku.com/login/callback

    • Audience URI: urn:auth0:dataiku:dataiku_space_id

    Note

    You need to replace dataiku_space_id by your space ID found in the Settings panel of your Launchpad.

  2. Map the following value to the relevant attribute in your identity provider or fixed value:

    • given_name to the attribute representing the user’s first name.

    • family_name to the attribute representing the user’s last name.

    • user_id to the attribute representing the user’s email address in lowercase.

    • email to the attribute representing the user’s email address in lowercase.

    • email_verified set to the value "true".

    • groups to the attribute representing the value you want to use for SSO mapping.

Warning

  • Avoid mapping any additional attributes or adding namespaces for these attributes.

  • To send to lowercase, use toLowercase(attribute) in Azure AD and String.toLowerCase(attribute) in Okta. If you are utilizing different Identity Providers (IdPs), please refer to their respective documentation.

  • IdP-initiated Single Sign-On isn’t supported.

Contact the support team with the correct information#

  1. You will need to gather the following information:

    • The single-sign-on (SSO) URL of your identity provider

    • The x.509 certificate

    • Or your identity provider Metadata link

    • The email domain you wish to use with SAML

    • The space id

  2. Please send this information on support chat on Dataiku Cloud or mail to support-dataikucloud -at- dataiku -dot- com to get the SSO activated on your subscription. The support team will get back to you when the setup is ready or if they need additional information.