Page tree

Release 7.1.2


Contents:

   

Contents:


This section covers additional requirements for managing users in SSO environments.

Enable SSO

The  Designer Cloud powered by Trifacta® platform  requires additional configuration to integrate with your SSO provider. Available methods:

MethodDescription
SAML IDPIntegrate the platform with enterprise SAML identity provider. See Configure SSO for SAML.
Native LDAP-ADUsing native functionality in the platform, it can integrate with enterprise LDAP/AD. For more information, see Configure SSO for AD-LDAP.
LDAP-AD via reverse proxy

A reverse proxy server outside of the platform can be set up for integration with enterprise LDAP/AD.

NOTE: This method is likely to be deprecated in a future release.

 

For more information, see Configure SSO for AD-LDAP.

 

Configure Auto-Registration

Tip: By default, user auto-registration is enabled. It is recommended.

How users are managed depends on whether auto-registration is enabled:

  • If auto-registration is enabled, after users provide their credentials, the account is automatically created for them.
  • If auto-registration is disabled, a Trifacta administrator must still provision a user account before it is available. See below.

Manage Users with Auto-Registration

After SSO with auto-registration has been enabled, you can still manage users through the Admin Settings page, with the following provisions:

  • The  Designer Cloud powered by Trifacta platform  does not recheck for attribute values on each login. If attribute values change with your identity provider, they must be updated in the configuration.  
  • If the user has been removed from AD, the user cannot sign in to the platform.
  • If you need to remove a user from the platform, you should just disable the user through the User Management area.
    • If the user is deleted, then if the user returns to the platform in the future, a new account is created for the user.

For more information, see Manage Users.

Disable Auto-Registration

To disable auto-provisioning in the platform, please verify the following property:

  1. You can apply this change through the Admin Settings Page (recommended) or trifacta-conf.json. For more information, see Platform Configuration Methods.
  2. Set the following property:

    "webapp.sso.enableAutoRegistration" : false,
  3. Save your changes and restart the platform.
  4. New users of the  Designer Cloud powered by Trifacta platform  must be provisioned by a Trifacta administrator. See below.

Provision new users under SSO without auto-registration

If SSO auto-registration is disabled, admin users can provision new users of the platform through the following URL:

https://<hostname>:<sso_port_number>/register

where:

  • <hostname> is the host of the  Designer Cloud powered by Trifacta platform
  • <sso_port_number> is the port number.

The user's password is unnecessary in an SSO environment. You must provide the SSO principal value, which is typically the Active Directory login for the user.

  • If you are connected to a Hadoop cluster, you must provision the Hadoop principal value.
  • See Create User Account.

User access for reverse proxy method

Users access the application through the Trifacta node using the standard hostname and the port that you specified:

NOTE: All users must be use this URL to access the Designer Cloud application . If they use the non-SSO URL, they may receive an Unprovisioned User error.

https://<hostname>:<sso_port_number>

This page has no comments.