
SAML Single Sign-On (SSO)

This guide explains how to enable SSO on your ScyllaDB Cloud account.

Note

SSO for ScyllaDB Cloud is a premium feature. Please contact your ScyllaDB account manager for details and pricing.

Overview

SAML SSO is an authentication method that allows you to securely authenticate with multiple applications using one set of credentials. If SAML is enabled and configured in your organization, you can configure an SSO connection directly from ScyllaDB Cloud and allow other users to sign in to your ScyllaDB Cloud account using SAML SSO.

To enable SAML SSO for ScyllaDB Cloud, you will have to:

  1. Contact ScyllaDB to have the feature enabled for your ScyllaDB account.

  2. Configure your SAML IdP Provider. In this guide, we use Okta as an example.

  3. Configure SSO in ScyllaDB Cloud.

Prerequisites

  • You must have the Admin and SSO roles to configure SSO in ScyllaDB Cloud. See User Roles for details.

  • You must have administrator access to your domain DNS records to complete the SSO setup.

Configuring SAML IdP Provider

In this section, we’re using Okta as an example IdP provider.

To configure Okta:

  1. Create a new SAML application with Okta (IdP) that you can use as the Identity Provider for users. Select SAML 2.0 and click Next.

  2. In the General Settings tab, enter a name for the SAML App, then click Next.

  3. In the Configure SAML tab, add the following information (besides the existing defaults), then click Next.

    • Single sign-on URL: https://auth.cloud.scylladb.com/auth/saml/callback

    • Audience URI: scylla-cloud

    • Name ID format: EmailAddress

    • Application username: Okta username

  4. Navigate to your Okta application, and click the Sign On tab.

  5. Copy the metadata URL from the Metadata details field and open it in a new tab. An XML file will open.

  6. Save the XML file locally. You will need it in one of the following steps for configuring SSO in ScyllaDB Cloud.

Configuring SSO on ScyllaDB Cloud

To configure SSO:

  1. Log into ScyllaDB Cloud. If you have more than one account, ensure you are on the desired account.

  2. Go to Settings > SSO.

  3. Click Add New to configure an identity provider. You can choose to manually fill out the SSO details or upload a metadata file from your identity provider.

    • Automatic configuration (recommended): Choose AUTOMATIC and upload the XML file you downloaded as the final step of the IdP provider configuration.

    • Manual configuration: Choose MANUAL and enter the SSO Endpoint and Public Certificate from the identity provider. You can find them in Okta by navigating to Applications > ScyllaDB Cloud > Sign On > View SAML setup instructions.

  4. Click Proceed.

  5. Enter the SSO domain and click Proceed.

  6. Copy the Record Name and Record Value values into a new TXT record in your domain DNS records. Then, click Validate.

  7. Specify the default SSO role. New users signing up to ScyllaDB Cloud for the first time with the specific email domain will automatically be assigned this role.

  8. (Optional) Click Add mapping in the Roles Groups Mapping section to map between your SSO groups and ScyllaDB Cloud roles. The mapping option is available if your organization has a single ScyllaDB Cloud account.

  9. Click Done.

© 2023, ScyllaDB. All rights reserved.
Last updated on 05 Jun 2023.