Was this page helpful?
SAML Single Sign-On (SSO)¶
Available with the Premium plan
This guide explains how to enable SSO on your ScyllaDB Cloud account.
Overview¶
SAML SSO is an authentication method that allows you to securely authenticate with multiple applications using one set of credentials. If SAML is enabled and configured in your organization, you can configure an SSO connection directly from ScyllaDB Cloud and allow other users to sign in to your ScyllaDB Cloud account using SAML SSO.
To enable SAML SSO for ScyllaDB Cloud, you will have to:
Contact ScyllaDB to have the feature enabled for your ScyllaDB account.
Configure your SAML Identity Provider (IDP).
Configure SSO in ScyllaDB Cloud.
Prerequisites¶
You must have the Admin and SSO roles to configure SSO in ScyllaDB Cloud. See User Roles for details.
You must have administrator access to your domain DNS records to complete the SSO setup. ScyllaDB Cloud requires you to validate your organization’s domain (via DNS TXT record) to make sure you own it.
Configuring SAML IDP¶
Log into ScyllaDB Cloud. If you have more than one account, ensure you are on the desired account.
Go to Settings> SSO> Setup SSO connection via the drop-down in the top right corner.
Select your SAML Identity Provider (IDP) to open a step-by-step configuration wizard. If your IDP is not on the list, see Custom SAML.
Follow the steps in the wizard to configure your IDP.
You will be instructed to log in to your IDP application, such as Okta Application or Azure Portal, and perform the configuration steps.
The instructions will include the values you can copy-paste.
When the IDP configuration is completed, you’ll proceed to configure SSO on ScyllaDB Cloud.
Custom SAML¶
If your SAML IDP is not on the list, choose the Custom SAML option and provide your IDP metadata.
If you choose the automatic configuration, you will be instructed to locate the metadata URL for your SAML app and paste it into the IdP Metadata URL field.
If you choose the manual configuration, you will be instructed to fill out the form for manual SAML configuration.
Configuring SSO on ScyllaDB Cloud¶
After configuring IDP, follow the SSO connection wizard:
Enter your organization’s domain and click Proceed.
Copy the Record Name and Record Value values into a new TXT record in your domain DNS records. Then, click Validate.
Specify the default SSO role. New users signing up to ScyllaDB Cloud for the first time with the specific email domain will automatically be assigned this role.
(Optional) Click Add mapping in the Roles Groups Mapping section to map between your SSO groups and ScyllaDB Cloud roles. The mapping option is available if your organization has a single ScyllaDB Cloud account.
Click Done.