OIDC SSO Integration
Feature Availability
Self-Hosted DataHub
Managed DataHub
Note that we do not yet support LDAP or SAML authentication. Please let us know if either of these integrations would be useful for your organization.
If you'd like to do a deeper dive into OIDC configuration outside of the UI, please see our docs here
Getting Details From Your Identity Provider
To set up the OIDC integration, you will need the following pieces of information.
- Client ID - A unique identifier for your application with the identity provider
- Client Secret - A shared secret to use for exchange between you and your identity provider.
- Discovery URL - A URL where the OIDC API of your identity provider can be discovered. This should be suffixed by .well-known/openid-configuration. Sometimes, identity providers will not explicitly include this URL in their setup guides, though this endpoint will exist as per the OIDC specification. For more info see here.
The callback URL to register in your Identity Provider will be
https://<your-acryl-domain>.acryl.io/callback/oidc
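A pre-flight check for the Discovery URL before it is entered in the SSO settings, as an added example that is not DataHub's own code. The provider host idp.example.com, the sample document and the function names are constructed for illustration, and the check for the code response type assumes the authorization code flow.

```python
import json
import urllib.request
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 lists as REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_url(issuer):
    """Append the well-known suffix to an issuer, tolerating a trailing slash."""
    return issuer.rstrip("/") + SUFFIX

def fetch(url):
    """Download the discovery document (network call; https only)."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-https discovery URL")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def check_discovery(url, doc):
    """Return a list of problems; an empty list means the document looks usable."""
    problems = []
    if urlsplit(url).scheme != "https" or not url.endswith(SUFFIX):
        problems.append("discovery URL must be https and end in " + SUFFIX)
    problems += [f"missing field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must match the URL the document was served from (a trailing
    # slash is ignored here); a mismatch can mean the wrong tenant or realm.
    base = url[: -len(SUFFIX)] if url.endswith(SUFFIX) else url
    if "issuer" in doc and doc["issuer"].rstrip("/") != base.rstrip("/"):
        problems.append("issuer does not match discovery URL")
    for k in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if k in doc and urlsplit(doc[k]).scheme != "https":
            problems.append(f"{k} is not https")
    # Assumption: the client uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    return problems

# Constructed sample document for a hypothetical provider.
SAMPLE = {
    "issuer": "https://idp.example.com/realms/demo",
    "authorization_endpoint": "https://idp.example.com/realms/demo/auth",
    "token_endpoint": "https://idp.example.com/realms/demo/token",
    "jwks_uri": "https://idp.example.com/realms/demo/certs",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

Against a live provider, pass the result of fetch(url) in place of SAMPLE.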
Configuring OIDC SSO
In order to set up the OIDC SSO integration, the user must have the Manage Platform Settings privilege.
Enabling the OIDC Integration
To enable the OIDC integration, start by navigating to Settings > Platform > SSO.
- Click OIDC
- Enable the Integration
- Enter the Client ID, Client Secret, and Discovery URI obtained in the previous steps
- If there are any advanced settings you would like to configure, click on the Advanced button. These come with defaults, so only input settings here if there is something you need changed from the default configuration.
- Click Update to save your settings.