Was this page helpful?
This guide explains how to enable SSO on your ScyllaDB Cloud account.
SSO for ScyllaDB Cloud is a premium feature. Please contact your ScyllaDB account manager for details and pricing.
SAML SSO is an authentication method that allows you to securely authenticate with multiple applications using one set of credentials. If SAML is enabled and configured in your organization, you can configure an SSO connection directly from ScyllaDB Cloud and allow other users to sign in to your ScyllaDB Cloud account using SAML SSO.
To enable SAML SSO for ScyllaDB Cloud, you will have to:
Contact ScyllaDB to have the feature enabled for your ScyllaDB account.
Configure your SAML IdP Provider. In this guide, we use Okta as an example.
Configure SSO in ScyllaDB Cloud.
You must have the Admin and SSO roles to configure SSO in ScyllaDB Cloud. See User Roles for details.
You must have administrator access to your domain DNS records to complete the SSO setup.
In this section, we’re using Okta as an example IdP provider.
To configure Okta:
Create a new SAML application with Okta (IdP) that you can use as the Identity Provider for users. Select SAML 2.0 and click Next.
In the General Settings tab, enter a name for the SAML App, then click Next.
In the Configure SAML tab, add the following information (besides the existing defaults), then click Next.
Single sign-on URL: https://auth.cloud.scylladb.com/auth/saml/callback
Audience URI: scylla-cloud
Name ID format: EmailAddress
Application username: Okta username
Navigate to your Okta application, and click the Sign On tab.
Copy the metadata URL in the Metadata details field and open the URL in the new tab. An XML file will open.
Save the XML file locally. You will need it in one of the following steps for configuring SSO in ScyllaDB Cloud.
To configure SSO:
Log into ScyllaDB Cloud. If you have more than one account, ensure you are on the desired account.
Go to Settings> SSO.
Click Add New to configure an identity provider. You can choose to manually fill out the SSO details or upload a metadata file from your identity provider.
Automatic configuration (recommended): Choose AUTOMATIC and upload the XML file you downloaded as the final step of the IdP provider configuration.
Manual configuration: Choose MANUAL and enter the SSO Endpoint and Public Certificate from the identity provider. You can find them in Okta by navigating to Applications> ScyllaDB Cloud> Sign On> View SAML setup instructions.
Enter the SSO domain and click Proceed.
Copy the Record Name and Record Value values into a new TXT record in your domain DNS records. Then, click Validate.
Specify the default SSO role. New users signing up to ScyllaDB Cloud for the first time with the specific email domain will automatically be assigned this role.
(Optional) Click Add mapping in the Roles Groups Mapping section to map between your SSO groups and ScyllaDB Cloud roles. The mapping option is available if your organization has a single ScyllaDB Cloud account.
Was this page helpful?