• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Astra DB Serverless Documentation

    • Overview
      • Release notes
      • Astra DB FAQs
      • Astra DB Architecture FAQ
      • Astra DB glossary
      • Get support
    • Getting Started
      • Grant a user access
      • Load and retrieve data
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
      • Connect a driver
      • Build sample apps
      • Use integrations
    • Planning
      • Plan options
      • Database regions
    • Securing
      • Security highlights
      • Security guidelines
      • Default user permissions
      • Change your password
      • Reset your password
      • Authentication and Authorization
      • Astra DB Plugin for HashiCorp Vault
    • Connecting
      • Connecting private endpoints
        • AWS Private Link
        • Azure Private Link
        • GCP Private Endpoints
        • Connecting custom DNS
      • Connecting Change Data Capture (CDC)
      • Connecting CQL console
      • Connect the Spark Cassandra Connector to Astra
      • Drivers for Astra DB
        • Connecting C++ driver
        • Connecting C# driver
        • Connecting Java driver
        • Connecting Node.js driver
        • Connecting Python driver
        • Connecting Legacy drivers
        • Drivers retry policies
      • Get Secure Connect Bundle
    • Migrating
      • Components
      • FAQs
      • Preliminary steps
        • Feasibility checks
        • Deployment and infrastructure considerations
        • Create target environment for migration
        • Understand rollback options
      • Phase 1: Deploy ZDM Proxy and connect client applications
        • Set up the ZDM Proxy Automation with ZDM Utility
        • Deploy the ZDM Proxy and monitoring
        • Configure Transport Layer Security
        • Connect client applications to ZDM Proxy
        • Leverage metrics provided by ZDM Proxy
        • Manage your ZDM Proxy instances
      • Phase 2: Migrate and validate data
      • Phase 3: Enable asynchronous dual reads
      • Phase 4: Change read routing to Target
      • Phase 5: Connect client applications directly to Target
      • Troubleshooting
        • Troubleshooting tips
        • Troubleshooting scenarios
      • Glossary
      • Contribution guidelines
      • Release Notes
    • Managing
      • Managing your organization
        • User permissions
        • Pricing and billing
        • Audit Logs
        • Bring Your Own Key
          • BYOK AWS Astra Portal
          • BYOK GCP Astra Portal
          • BYOK AWS DevOps API
          • BYOK GCP DevOps API
        • Configuring SSO
          • Configure SSO for Microsoft Azure AD
          • Configure SSO for Okta
          • Configure SSO for OneLogin
      • Managing your database
        • Create your database
        • View your databases
        • Database statuses
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
        • Monitor your databases
        • Export metrics to third party
          • Export metrics via Astra Portal
          • Export metrics via DevOps API
        • Manage access lists
        • Manage multiple keyspaces
        • Using multiple regions
        • Terminate your database
      • Managing with DevOps API
        • Managing database lifecycle
        • Managing roles
        • Managing users
        • Managing tokens
        • Managing BYOK AWS
        • Managing BYOK GCP
        • Managing access list
        • Managing multiple regions
        • Get private endpoints
        • AWS PrivateLink
        • Azure PrivateLink
        • GCP Private Service
    • Astra CLI
    • Astra Vector Search
    • Astra Block
      • Quickstart
      • FAQ
      • Data model
      • About NFTs
    • Developing with Stargate APIs
      • Develop with REST
      • Develop with Document
      • Develop with GraphQL
        • Develop with GraphQL (CQL-first)
        • Develop with GraphQL (Schema-first)
      • Develop with gRPC
        • gRPC Rust client
        • gRPC Go client
        • gRPC Node.js client
        • gRPC Java client
      • Develop with CQL
      • Tooling Resources
      • Node.js Document API client
      • Node.js REST API client
    • Stargate QuickStarts
      • Document API QuickStart
      • REST API QuickStart
      • GraphQL API CQL-first QuickStart
    • API References
      • DevOps REST API v2
      • Stargate Document API v2
      • Stargate REST API v2
  • DataStax Astra DB Serverless Documentation
  • Configuring single sign-on for the other IdP

Configuring single sign-on for the other IdP

As the Organization Administrator, setting up single sign-on (SSO) is crucial to managing access to various applications. SSO allows for a seamless sign-on experience, and gives centralized and streamlined access control to security operations teams.

Prerequisites

To manage SAML SSO settings, you must have the Organization Administrator role.

Adding identity provider

  1. From any page from Astra DB, select the Organizations dropdown. Select the organization for which you want to configure your SSO.

  2. Go to the dashboard and select Organization Settings. Select Security Settings.

    If this is your first time configuring SSO, no identity providers (IdP) will be listed for your organization.

  3. Select Add Identity Provider.

  4. Select Other as your IdP and add the name of the unlisted IdP in the empty field.

    The following fields display information you need to provide your IdP:

    • SAML Assertion Consumer (ACS) URL (also called "Single Sign On URL")

    • Audiene URI (also called "SP Indentity ID")

    • Relay State (also called "Default Relay State")

      image::ROOT:other_linkIdP.png[]
      [NOTE]
===
Without a known IdP, a link to obtain information from an IdP cannot be listed. You must locate this information and complete the following fields.
===

      • Information to receive FROM your IdP (click the information from your Identity Provider to learn what information you need for the following fields)

    • Description

    • Login URL (also be called "SAML Endpoint")

    • Azure AD Identifier (also called "Entity ID" or "Identifier")

    • SAML Signing Certificate

      image::ROOT:other_obtainIdP.png[]

  5. After confirming all the information is correct, scroll down and select Test Configuration.

    A new tab opens in the browser window housing your IdP log-in screens and flow. When you complete the login, the window closes.

    The Test Configuration is deemed successful when a confirmation icon appears beside the Test Configuration button.

    If the test was unsuccessful, review the SSO settings in Astra DB and your IdP console. If still unsuccessful, contact DataStax support.

  6. Select Activate SSO when your test configuration is successful. A message appears confirming the SSO is now active for your selected organization.

Disabling your configuration

You can suspend any active configuration from your organization. The Disable option deactivates your active configuration.

If you disable your SSO configuration, users can access your organization without SSO authentication.

  1. Select the ellipsis (…​) next to your active configuration. Select Disable.

  2. A dialog box appears to confirm you want to disable this configuration. Type "disable" and select Disable SSO Configuration.

sso disableactive

Using identity provider drafts

To complete your configuration later, select Esc in your configuration to save the current information as a draft. All drafts and the active configuration appear on the table of the Single Sign-on (SSO) page.

sso drafts

  1. Select the ellipsis (…).

  2. Select either Edit or Delete:

    • Edit returns to the Configure SSO page to continue editing the draft and complete the SSO configuration.

    • Delete removes the row from the table and is permanent. This choice displays a dialog box. To delete the draft, type "delete" and select Delete SSO Authentication.

An organization can have have multiple configuration drafts, but only one active configuration.
sso draftactive

What’s next?

As needed, Update user permissions from the default JIT provision role.

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage