OneLogin SSO
In this guide, you'll configure OneLogin to use single sign-on (SSO) with your Dagster+ organization.
Prerequisites
To follow the steps in this guide, you'll need:
- The following in OneLogin:
- An existing OneLogin account
- Admin permissions
- To install the
dagster-cloud
CLI - The following in Dagster+:
- A Pro plan
- Access to a user token
- Organization Admin permissions in your organization
Step 1: Add the Dagster+ app in OneLogin
-
Sign into your OneLogin portal.
-
Navigate to Administration > Applications.
-
On the Applications page, click Add App.
-
On the Find Applications page, search for
Dagster+
: -
Add and save the application.
Step 2: Configure SSO in OneLogin
-
In OneLogin, open the application and navigate to its Configuration.
-
In the Dagster+ organisation name field, enter your Dagster+ organization name. This is used to route the SAML response to the correct Dagster+ subdomain.
For example, your organization name is
hooli
and your Dagster+ domain ishttps://hooli.dagster.cloud
. To configure this correctly, you'd enterhooli
into the Subdomain field. -
When finished, click Done.
Step 3: Upload the SAML metadata to Dagster+
Next, you'll save and upload the application's SAML metadata to Dagster+. This will enable single sign-on.
-
In OneLogin, open the Dagster+ application.
-
Navigate to More Actions > SAML Metadata.
-
When prompted, save the file to your computer.
-
After you've downloaded the SAML metadata file, upload it to Dagster+ using the
dagster-cloud
CLI:dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \
--api-token=<user_token> \
--url https://<organization_name>.dagster.cloud
Step 4: Grant access to users
Next, you'll assign users to the Dagster+ application in OneLogin. This will allow them to log in using their OneLogin credentials with the sign in flow is initiated.
-
In Okta, navigate to Users.
-
Select a user.
-
On the user's page, click Applications.
-
Assign the user to Dagster+. In the following image, the user
Test D'Test
has been assigned to Dagster+: -
Click Continue.
-
Click Save User.
-
Repeat steps 2-6 for every user you want to access Dagster+.
Step 5: Test your SSO configuration
Lastly, you'll test your SSO configuration:
Testing a service provider-initiated login
-
Navigate to your Dagster+ sign in page at
https://<organization_name>.dagster.cloud
-
Click the Sign in with SSO button.
-
Initiate the login flow and address issues that arise, if any.
Testing an identity provider-initiated login
In the OneLogin portal, click the Dagster+ icon:
If successful, you'll be automatically signed into your Dagster+ organization.