Setting Up Single Sign On (SSO)
Configure your team's SSO to allow users to easily and securely log in to their accounts.
Configuring your SSO
Log in to Datapeople or Create an Account if you have not already.
Browse to the SSO Setup page: Settings --> Single Sign-on
Note: Only users with Admin permission will have access to this page. If you do not have access to this page and are ready to configure SSO, please ask your account admins to grant you Admin privileges or contact support@datapeople.io.
1) Configure the connection in your SSO Provider
On the SSO setup page, click "Start SSO Setup" and you'll find the information needed to set up the connection in your SSO provider:
- The user’s unique IdP identifier should be mapped as “NameId” in the assertion.
- The SAML assertion should also include the following attributes, named exactly as below:
| Attribute Name | Contents |
|---|---|
| User email address | |
| firstName | User first name |
| lastName | User last name |
- ACS URL: Both the recipient and destination URL for this SSO connection, sometimes called reply URL.
- Metadata URL: The audience restriction URL inputs for this SSO connection
Note: your SSO Provider may have slightly different labels for the ACS and Metadata URL inputs.
- User Login URL: A unique Datapeople login URL that will direct your users directly to your SSO authentication flow to log into Datapeople.
Reminder! Be sure to enable any necessary security/user groups in your SSO Provider to share access with Datapeople with the correct internal teams/users.
Once you have configured the connection, keep your SSO Provider's IdP metadata on hand and return to Datapeople.
2) Add SSO Configurations to Datapeople
Paste the following 3 items from your SSO Provider's IdP metadata into the SSO Setup Page in Datapeople:
- Entity ID: Example: http://www.sso.com/sdi234uM5we8l1Md7
- SAML Location URL: Example: https://sso.com/app/companyname/sdi234uM5we8l1Md7/sso/saml
- Certificate: Usually labeled X509Certificate, beginning with "MII"
Click "Submit."
Next, click "Test Configuration" - this will redirect you to authenticate with your SSO provider to confirm the connection is working. This button will not appear until you submit your IdP Metadata details.
If this is successful, your team may now use your SSO provider to log in to Datapeople. However, there is one more important step!
3) Enable Mandatory SSO
Once you successfully test an SSO login using the Test Configuration button, you will see a new option to Enable Mandatory SSO:
Simply toggle the button to "Enabled" and we will automatically redirect users to your SSO provider to log in if anyone tries to sign in to Datapeople with an email listed on your SSO Setup page (those that are associated with your organization).
FAQs
What SSO providers are supported by Datapeople?
Any SAML-based SSO provider.
Does Datapeople support auto-provisioning users via SSO?
No.
Does Datapeople support IdP (Identity Provider) initiated or SP (Service Provider) initiated connections?
Both. Users may log in directly from your Identity Provider's portal, and if they attempt to log in to Datapeople with an email address that has a domain listed on your SSO Setup page, we will direct them to the IdP to authenticate.