Dash Enterprise Administration
4.3.1
4.3.1
  • Changelog
  • Installation
    • Capacity Planning
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • Before you install
    • Dash Enterprise Single Server
      • Installation on cloud provider
      • On-premise installation on own server
      • Fully offline installation
    • Dash Enterprise Kubernetes
      • Amazon Web Services resource prerequisites
      • Google Cloud Platform resource prerequisites
      • Microsoft Azure resource prerequisites
  • Configuration
    • Set up your Server Manager
    • Run preflight checks
    • Configure basic settings
    • Authentication settings
      • Built-in local authentication
      • LDAP authentication
      • SAML authentication
    • Dash Enterprise Kubernetes additional required configuration
    • Configure optional settings
    • Add SELinux permissions to mapped directories
    • Other options and customizations
    • Using Snapshots & Backups
    • Running and logging into Dash Enterprise
    • Next steps
  • Advanced Configuration
    • General troubleshooting and problem solving
      • Dash Enterprise Kubernetes
    • Load balancer configuration
    • Reverse proxy setup instructions
    • Docker storage driver requirements and considerations
    • Import an LDAPS certificate from Active Directory into Dash Enterprise
    • Transfer Dash Enterprise to a new server
    • Sync license changes
    • Change channels for an upgrade
    • Admin panel reference
    • Configure Dash Enterprise to use common SAML IdPs
      • Active Directory Federation Services (AD FS)
      • PingFederate
      • Okta
    • Configure Dash Enterprise to use common LDAP IdPs
      • Okta
  • Upgrade
    • Prepare for the upgrade
    • Upgrade
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • After the upgrade
  • Advanced Troubleshooting
    • Dash Enterprise Architecture and Internals
    • Navigating the System
    • Navigating the Support Bundle
    • Getting Help and Reporting Issues
    • Troubleshooting Specific Issues
Powered by GitBook
On this page

Was this helpful?

  1. Advanced Configuration

Configure Dash Enterprise to use common SAML IdPs

PreviousAdmin panel referenceNextActive Directory Federation Services (AD FS)

Last updated 2 years ago

Was this helpful?

The guide in this section is intended for general reference and should not be considered a replacement for documentation and training materials provided by your identity provider (IdP) vendor. When in doubt about how to configure your IdP, please refer to your IdP vendor’s guidance.

Dash Enterprise uses the SAML 2.0 standard to manage service provider (SP) initiated single sign-on (SSO). This process goes as follows:

1 - The user’s browser requests a protected page in Dash Enterprise

2 - Dash Enterprise redirects the request to the IdP for authentication

3 - The IdP sends an HTML form containing a request for authentication to the user’s browser

4 - The user submits credentials OR the user’s browser submits cached credentials

5 - Dash Enterprise adds a request for user attributes to the credential submission

6 - Upon successful authentication, the IdP returns an HTML form to the user’s browser containing the authentication assertion and user attributes requested by Dash Enterprise

7 - The user’s browser POSTs the form to Dash Enterprise

8 - Dash Enterprise authorizes the login and redirects the browser to the protected page

At this time, the IdP types our customers have reported successfully integrating with Dash Enterprise are Active Directory Federation Services, PingFederate, and Okta. However, Dash Enterprise can integrate with any IdP supporting SAML 2.0 for authentication, so you are not limited to these options.

Before proceeding with configuring SAML:

  • Ensure your Dash Enterprise server and IdP can make and receive network requests between each other

  • Ensure your Dash Enterprise instance is using a certificate assigned by a certificate authority

    • If Plotly is hosting your instance at a *.plotly.host subdomain, it will already have an appropriate certificate

Active Directory Federation Services (AD FS)
PingFederate
Okta