mirror of
				https://github.com/datahub-project/datahub.git
				synced 2025-10-24 15:34:57 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			47 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			47 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| description: >-
 | |
|   This page will help you set up OIDC SSO with your identity provider to log
 | |
|   into DataHub
 | |
| ---
 | |
| 
 | |
| import FeatureAvailability from '@site/src/components/FeatureAvailability';
 | |
| 
 | |
| # Enable OIDC SSO
 | |
| 
 | |
| <FeatureAvailability saasOnly />
 | |
| 
 | |
| This guide will walk you through configuring OIDC Single Sign-On in DataHub Cloud.
 | |
| 
 | |
| ### Step 1. Complete OIDC Prerequisites
 | |
| 
 | |
| You will need the following in order to enable OIDC SSO in DataHub Cloud:
 | |
| 
 | |
| - Gather the **Client ID**, **Client Secret**, and **Discovery URI** for your OIDC provider, as detailed in [this guide](../../authentication/guides/sso/initialize-oidc.md).
 | |
| - Confirm you have the `Manage Platform Settings` privilege in DataHub.
 | |
| 
 | |
| ### Step 2. Enable OIDC SSO
 | |
| 
 | |
| 1. In DataHub Cloud, navigate to **Settings > Platform > SSO** and choose **OIDC**.
 | |
| 
 | |
| <p align="center">
 | |
|   <img width="80%"  src="https://raw.githubusercontent.com/datahub-project/static-assets/refs/heads/main/imgs/saas/configure-oidc.png"/>
 | |
| </p>
 | |
| 
 | |
| 2. Enter the **Client ID**, **Client Secret**, and **Discovery URI** from Step 1.
 | |
| 3. Confirm your preferred **User Provisioning Strategy**:
 | |
| 
 | |
|    - **Just-in-Time (JIT) Provisioning** is enabled by default, automatically creating a DataHub User on login if one does not exist.
 | |
|    - **Pre-Provisioning DataHub Users** will only allow login for pre-provisioned DataHub Users. _Requires configuring SSO Ingestion._
 | |
| 
 | |
| 4. Optionally enable **Extract Groups** to extract group memberships in the OIDC profile by default. _Requires JIT Provisioning._
 | |
| 5. Click **Connect**.
 | |
| 6. Log out and log back in through SSO to confirm connection succeeded.
 | |
| 
 | |
| <p align="center">
 | |
|   <img width="80%"  src="https://raw.githubusercontent.com/datahub-project/static-assets/main/imgs/saas/image-(10).png"/>
 | |
| </p>
 | |
| 
 | |
| :::note
 | |
| We do not yet support LDAP or SAML authentication. Please let us know if either of these integrations would be useful for your organization.
 | |
| :::
 | 
