Configure Dataset SSO with SAML
This guide will walk you through the necessary steps to set up the integration with a SAML identity provider.
Please note that this documentation provides a general guide for integrating DataSet with an Identity Provider (IdP) via SAML. The specific steps and terminology may vary depending on your chosen IdP. Make sure to consult your IdP's documentation for accurate instructions tailored to their platform.
Prerequisites: Before you begin, make sure you have the following:
- Access to the administrative console of your SAML identity provider.
- SAML identity provider already set up and configured.
- An organization name, either provided by DataSet support or by reading this article. The organization name will be used in place of MYORG in the Audience URL below.
Step 1: Configure SAML Identity Provider (IdP)
The specifics will vary based upon your IdP. Here are the core parameters to configure:
- Connection is SAML 2.0
- SP Entity ID / Audience / Single sign-on URL:
- Scalyr US cluster: https://www.scalyr.com/sp?organization=MYORG
- Scalyr EU cluster: https://eu.scalyr.com/sp?organization=MYORG
- DataSet US cluster: https://app.us1.dataset.com/sp?organization=MYORG
- DataSet EU cluster: https://app.eu1.dataset.com/sp?organization=MYORG
- ACS / Single-sign-on / Recipient / Reply URL:
- US cluster: https://www.scalyr.com/acs
- EU cluster: https://eu.scalyr.com/acs
- DataSet US cluster: https://app.us1.dataset.com/acs
- DataSet EU cluster https://app.eu1.dataset.com/acs
- Single Log Out (SLO) is not supported - leave blank
- SAML Signature element: Assertion
- NameID format: Email Address (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)
- Application username: Email
Once the DataSet application is configured in your IdP, export the XML metadata.
Step 2: Configure Dataset IdP Connection
- Send your metadata XML to the DataSet representative you have been working with, or to firstname.lastname@example.org. Please provide 2 user email addresses for testing. At the same time please also indicate if there are other email domains in scope for the SSO configuration (is it only your customer.com domain, or do you also have user emails from customer.net, or subsidiary.com?).
- We will configure SSO for these two users and respond back to you
Step 3: Test the Integration
- Verify the configuration by initiating a single sign-on attempt from Dataset.
- Sign out from Dataset and attempt to sign in again to verify single sign-on.
- Ensure that user attributes and roles are correctly mapped and assigned within Dataset.
- Once you have confirmed the test users are functioning correctly, we will enable SSO for all of your users.
Note: The above steps provide a general guideline for configuring Dataset SSO with a generic SAML identity provider. Actual configurations may vary depending on your specific requirements and the capabilities of your SAML IdP. Please refer to the documentation provided by your SAML IdP for more details, and don't hesitate to reach out to email@example.com if you have any questions.