GuidesBlog
GuidesAPI ReferenceDiscussions
GuidesBlogPlatform
Platform

Authentication Providers (OAuth/SAML)

OAuth/SAML configuration settings for Databand Self-Hosted.

Suggest Edits

OAuth2 integrations

Databand currently supports the following OAuth2 providers:

  • GitHub
  • GitLab
  • Okta
    We also support SAML, see below.

All integrated providers should appear on Databand web Login page:

1035

Other OAuth2 providers are not supported out of the box, but you can request such implementations.
Please add the following variables to your custom.env file.

GitHub

GitHub configuration:

DBND__AB_AUTH__OAUTH2_PROVIDERS=["github"]
DBND__AB_AUTH__GITHUB_KEY=************
DBND__AB_AUTH__GITHUB_SECRET=************

Okta

Okta configuration:


DBND__AB_AUTH__OAUTH2_PROVIDERS='["okta"]'
DBND__AB_AUTH__OKTA_KEY=************
DBND__AB_AUTH__OKTA_SECRET=************
DBND__AB_AUTH__OKTA_BASE_URL=https://dev-******.okta.com/oauth2/default

GitLab

GitLab configuration:

DBND__AB_AUTH__OAUTH2_PROVIDERS='["gitlab"]'
DBND__AB_AUTH__GITLAB_KEY=************
DBND__AB_AUTH__GITLAB_SECRET=************

### Multiple Providers Configuration

Make sure you update DBND__AB_AUTH__OAUTH2_PROVIDERS with all relevant providers. For example:
```bash
DBND__AB_AUTH__OAUTH2_PROVIDERS=["github","okta","gitlab"]

SAML with OKTA

You can find the full guide on configuring OKTA here

To configure DBND with SAML details use following variables:

DBND__AB_AUTH__SAML_PROVIDER_NAME=okta
DBND__AB_AUTH__SAML_ENTITYID=http://www.okta.com/************
DBND__AB_AUTH__SAML_METADATA_URL=https://dev-*****.okta.com/app/************/sso/saml/metadata

Requirements

The following information is required.

Entity ID

Make sure that you set Audience Restriction to Identity Provider Issuer value. Both Audience and Issuer are defined in DBND__AB_AUTH__SAML_ENTITYID.

Attribute Mappings

Attribute mappings need to include:

  • firstName
  • lastName
  • email
  • username

SSO and other URLs

The URLs you provide should be in the following format: https://<databand-host>/saml/sso/<saml-provider-name>

E.g.: https://companyname/saml/sso/okta

Example Configuration

Let's see how to enable authentication providers for a sample project dbnd-saml-example. The following screenshots are consecutive screenshots of the same page.

Part 1. (Beginning)

1494

Part 2. (General Settings)

1382

Step 3. (Attribute Statements)

1208

SAML with Azure AD

You can find the full guide on configuring Azure AD here

To configure DBND with SAML details use following variables:

DBND__AB_AUTH__SAML_PROVIDER_NAME=azure
DBND__AB_AUTH__SAML_ENTITYID=https://sts.windows.net/************/"
DBND__AB_AUTH__SAML_METADATA_URL=https://login.microsoftonline.com/****/federationmetadata/2007-06/federationmetadata.xml?appid=******

Requirements

The following information is required.

Attribute Mappings

Attribute mappings need to include (without namespace):

  • firstName
  • lastName
  • email
  • username

SSO and other URLs

The URLs you provide should be in the following format: https://<databand-host>/saml/sso/<saml-provider-name>

E.g.: https://<companyname>.databand.ai/saml/sso/azure

Example Configuration

Add Azure AD SAML Toolkit

1976

Getting started contains 4 steps to complete

2780

Start with adding users and groups that will be allowed to use SSO

2778

Configure SSO with URLs and Attributes mappings

2220

Double check Attributes mappings (click "Edit"), there should not be any prefix for claim names

1872

Open download link for metadata XML file, copy URL and EntityId to set them in databand

2522

Optional self-service configs

1944

Updated about 1 month ago