SAML
Integrated authentication with your preferred Identity Provider.
Datasaur supports SAML as an authentication method. As you may already know, it requires an Identity Provider to function properly. This integration is managed under "Settings," which means the scope of SAML authentication is tightly coupled with each Workspace.
Terminology
IdP = Identity Provider, e.g. Okta, Microsoft Entra ID, etc.
SP = Service Provider. In this case, it's Datasaur.
Scope
Users who have been invited to a Workspace with SAML integration can automatically sign in using SAML. In cases where a user has multiple Workspaces, each with its own SAML integration, Datasaur allows users to sign in using different IdPs. That is why Datasaur needs Company ID attribute to correctly select the appropriate IdP for the authentication process when using SAML.
How to Integrate
To integrate your specific IdP with Datasaur, you can initiate the process by enabling it through SAML page on Settings, just like mentioned above. Here is the overview process:
Open the Datasaur app and select a Workspace. Then, navigate to Settings > SAML and click the enable SAML button. Ensure you do not close this form until the process is completed.
In your preferred IdP console, connect it to Datasaur. Detailed guides for specific IdPs can be found in the section below. Use both the "SP Sign-in URL" and "SP Issuer" values on the form to successfully integrate the IdP with Datasaur.
After the integration is complete on the IdP app, fill in these three fields by referencing the values directly from the IdP to complete the form in Datasaur:
IdP Sign-in URL
IdP Issuer
Public certificate
Continue with the additional configuration that may need to be done that highly depends on each IdP.
Specific Guide for an Identity Provider App
SAML Integration Form
Values for IdP
SP Sign-in URL: This is the Datasaur endpoint where SAML responses are posted. You will need to provide this link to your IdP during the integration process.
SP Issuer: The default value is datasaur, but you can customize it to your preferences. This value must match the one you set on the IdP.
Values to be Filled
Company ID: A unique value to help Datasaur distinguish between multiple IdPs. This attribute will be asked when signing in using SAML so that Datasaur can connect to the appropriate IdP.
IdP Sign-in URL: This URL will be requested by Datasaur to perform SAML authentication.
IdP Issuer: This value will be used to determine which IdP Datasaur should look into when receiving the SAML response.
Public Certificate: Datasaur will use this certificate to validate the signature of SAML responses when they arrive.
Authentication
Click the SAML button on the authentication page.
Ensure the Company ID is accurately entered. If you are unsure about the Company ID, please consult your Admin. This ID should already be configured during the SAML integration setup.
Proceed with the authentication process on your IdP.
Registration
If you have never signed in using your IdP account before, registration is required. This process is also conducted through SAML by clicking the corresponding button, as described above. Upon successful registration, the new user will be automatically added to the Workspace equipped with SAML integration.
Last updated