Authentication Providers (OAuth/SAML)

OAuth/SAML configuration settings for Databand Self-Hosted.

OAuth2 integrations

Databand currently supports the following OAuth2 providers:

  • GitHub
  • GitLab
  • Okta

Other OAuth2 providers are not supported out of the box, but you can request such implementations.

GitHub

GitHub configuration:

export DBND__AB_AUTH__OAUTH2_PROVIDERS='["github"]'
export DBND__AB_AUTH__GITHUB_KEY=************
export DBND__AB_AUTH__GITHUB_SECRET=************

Okta

Okta configuration:

export DBND__AB_AUTH__OAUTH2_PROVIDERS='["okta"]'
export DBND__AB_AUTH__OKTA_KEY=************
export DBND__AB_AUTH__OKTA_SECRET=************
export DBND__AB_AUTH__OKTA_BASE_URL=https://dev-******.okta.com/oauth2/default

GitLab

GitLab configuration:

export DBND__AB_AUTH__OAUTH2_PROVIDERS='["gitlab"]'
export DBND__AB_AUTH__GITLAB_KEY=************
export DBND__AB_AUTH__GITLAB_SECRET=************

All Providers Combined

export DBND__AB_AUTH__OAUTH2_PROVIDERS='["github","okta","gitlab"]'
# github
export DBND__AB_AUTH__GITHUB_KEY=************
export DBND__AB_AUTH__GITHUB_SECRET=************
# gitlab
export DBND__AB_AUTH__GITLAB_KEY=************
export DBND__AB_AUTH__GITLAB_SECRET=************
# okta
export DBND__AB_AUTH__OKTA_KEY=************
export DBND__AB_AUTH__OKTA_SECRET=************
export DBND__AB_AUTH__OKTA_BASE_URL=https://dev-*****.okta.com/oauth2/default

SAML

SAML support was tested with OKTA provider. You can find the full guide on configuring OKTA here

To configure DBND with SAML details use following variables:

export DBND__AB_AUTH__SAML_PROVIDER_NAME=okta
export DBND__AB_AUTH__SAML_ENTITYID=http://www.okta.com/************
export DBND__AB_AUTH__SAML_METADATA_URL=https://dev-*****.okta.com/app/************/sso/saml/metadata

Requirements

The following information is required.

Entity ID

Make sure that you set Audience Restriction to Identity Provider Issuer value. Both Audience and Issuer are defined in DBND__AB_AUTH__SAML_ENTITYID.

Attribute Mappings

Attribute mappings need to include:

  • firstName
  • lastName
  • email
  • username

SSO and other URLs

The URLs you provide should be in the following format: https://<dbnd-host>/saml/sso/<saml-provider-name>

E.g.: https://companyname/saml/sso/okta

Example Configuration

Let's see how to enable authentication providers for a sample project dbnd-saml-example. The following screenshots are consecutive screenshots of the same page.

Part 1. (Beginning)

Part 2. (General Settings)

Step 3. (Attribute Statements)

As a result of the integration, the authentication providers should appear on your Databand web login page.


Did this page help you?