Authentication and authorization
Authentication and authorization are sequential security processes. Authentication verifies a user’s identity, such as through a password or authentication app. Authorization, also known as access control or client privilege, grants a user or entity permission to access specific resources or functions. Typically, an organization’s administrators control authorization by assigning roles to users.
Single sign-on
In addition to username and password authentication, Astra DB Serverless supports single sign-on with multiple identity providers.
Sign in with a SAML IdP
You can sign in to the Astra Portal through your SAML IdP if your Organization Administrator has enabled SSO. DataStax supports any SAML-compatible IdP, including Entra ID, Okta, OneLogin, Google Identity Platform, and Ping Identity. For more information, see Configure single sign-on.
Sign in with Google
You can use your Gmail or Google Workspace account to create an Astra DB account and sign in to the Astra Portal.
Sign in with GitHub
You can use your GitHub account to create an Astra DB account and sign in to the Astra Portal.
|
To use GitHub for Astra DB authentication, you must have a public email address in your GitHub profile. If you are a new user, make your email public before you create an Astra DB account. If you are an existing user and you selected keep my email address private in your GitHub profile, you must make your email address public, and then change your password to switch to Astra DB local authentication. Alternatively, you can use another SSO option with the same email address as your GitHub account. If you don’t want to make your email address public, you must use a different SSO option or username and password authentication. |
Application tokens
You can use application tokens to authorize API calls or application connections to your Astra DB databases.
