Single Sign On (SSO) on Dataiku Cloud

Single sign-on (SSO) can be activated on Dataiku Cloud to enable your users to authenticate using your SAML 2.0-compliant organization’s identity provider (IdP).

Reference | Supported identity providers for SSO

Dataiku Cloud has been tested with the following identity providers:

  • Okta

  • Azure Azure Directory

  • Microsoft AD FS

  • Ping

How-to | Activate Single Sign-on (SSO)

Single Sign-on (SSO) can be activated upon request by the support team for eligible subscriptions with the information detailed below.

To do so, you will need to:

  1. Create an application in your identity provider to connect with our service.

  2. Then send us the information so our team can set it up.

Create a Dataiku Cloud application in your identity provider

  1. First, you need to create a Dataiku Cloud application in your identity provider. Please check the documentation of your identity provider. To do so you will need to provide the following information:

    • Single sign on URL: https://sso.dataiku.com/login/callback

    • Audience URI: urn:auth0:dataiku:dataiku_space_id

    Note

    You need to replace dataiku_space_id by your space ID that can be found in the Settings panel of your Launchpad.

  2. Map the following value to the relevant attribute in your identity provider or fixed value:

  • given_name to the attribute representing the user’s first name.

  • family_name to the attribute representing the user’s last name.

  • user_id to the attribute representing the user’s email address in lowercase.

  • email to the attribute representing the user’s email address in lowercase.

  • email_verified set to the value “true”.

Warning

  • Avoid mapping any additional attributes or adding namespaces for these attributes.

  • To send to lowercase, use toLowercase(attribute) in Azure AD and String.toLowerCase(attribute) in Okta. If you are utilizing different Identity Providers (IdPs), please refer to their respective documentation.

Contact us with the correct information

  1. You will need to gather the following information:

    • The single-sign-on (SSO) URL for your identity provider

    • The x.509 certificate

    • Or your identity provider Metadata link

    • The email domain you wish to use with SAML

    • The space id

  2. Please send this information on support chat on Dataiku Cloud or mail to support-dataikucloud -at- dataiku -dot- com to get the SSO activated on your subscription. We will get back to you when the setup is ready or if we need additional information.