mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2026-01-08 21:48:22 +00:00
3.4 KiB
3.4 KiB
| title | slug |
|---|---|
| OneLogin SSO | /deployment/security/one-login |
OneLogin SSO
Follow the sections in this guide to set up OneLogin SSO.
Create Server Credentials
Step 1: Configure a new Application
- Login to OneLogin as an administrator and click on Applications
- Click on the
Add Appbutton and search foropenid connect - Select the
OpenId Connect (OIDC)app
- Change the Display Name of the app to
Open Metadataand clickSave
- Configure the login Url (
http(s)://<domain>/signin) and redirect URI (http(s)://<domain>/callback) as shown below
- Configure the users in the organization that can access OpenMetadata app by clicking on the
Users
- Click on "SSO" and select
None (PKCE)for Token Endpoint.
Step 2: Where to find the Credentials
- Go to "SSO" and copy the Client ID
- Copy the Issuer URL
Create Service Account (optional)
This step is optional if you configure the ingestion-bot with the JWT Token, you can follow the documentation of Enable JWT Tokens.
Create Secret Key
- Navigate to "SSO" settings of the application and click on
Show client secretto copy the secret key
After the applying these steps, you can update the configuration of your deployment:
Configure OneLogin SSO for your Docker Deployment. Configure OneLogin SSO for your Bare Metal Deployment. Configure OneLogin SSO for your Kubernetes Deployment.Configure Ingestion
After everything has been set up, you will need to configure your workflows if you are running them via the
metadata CLI or with any custom scheduler.
Note that OneLogin SSO is a layer on top of Custom OIDC.
When setting up the YAML config for the connector, update the workflowConfig as follows:
workflowConfig:
openMetadataServerConfig:
hostPort: 'http://localhost:8585/api'
authProvider: custom-oidc
securityConfig:
clientId: '{your_client_id}'
secretKey: '{your_client_secret}'
domain: '{your_domain}'