Identity Provider Connections
On this page
An Identity Provider Connection represents a connection between SingleStore Helios’s identity system and the customer's Identity Provider (IdP).
An organization may have zero or more Identity Provider Connections.Organization
menu under Authentication
which is next to Settings
.
Connections can be active or inactive.
Connections can be modified, copied and deleted.
Each connection has an identifier and its own URL paths that need to be configured with the customer’s Identity Provider to make the connection work.
The process of establishing a connection involves exchanging information between the SingleStore Helios’s identity system and the customer IdP.
Both OIDC 1.
Domains
Each IDP connection is also configured with one or more domain names.
A domain can be “live” or not live, on a per-IdP connection basis.
A domain can be verified or not verified.
-
Create a DNS TXT record with the token as specified in the UI.
-
Create a web page with the token as specified in the UI.
Once a domain is verified, it remains verified.
Sub-domains of a verified domain will be verified semi-automatically (click Verify
).
An IdP connection cannot be activated without having at least one live and verified domain.
Settings
One of the per-domain settings controls whether non-SSO login using an email address matching that domain is allowed.
A list of email addresses of the form, username@domain or just username can bypass the per-domain SSO required setting and log in through the keycloak as shown in the sample screenshot below:
Last modified: January 29, 2024