Dash Enterprise Administration
4.3.1
4.3.1
  • Changelog
  • Installation
    • Capacity Planning
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • Before you install
    • Dash Enterprise Single Server
      • Installation on cloud provider
      • On-premise installation on own server
      • Fully offline installation
    • Dash Enterprise Kubernetes
      • Amazon Web Services resource prerequisites
      • Google Cloud Platform resource prerequisites
      • Microsoft Azure resource prerequisites
  • Configuration
    • Set up your Server Manager
    • Run preflight checks
    • Configure basic settings
    • Authentication settings
      • Built-in local authentication
      • LDAP authentication
      • SAML authentication
    • Dash Enterprise Kubernetes additional required configuration
    • Configure optional settings
    • Add SELinux permissions to mapped directories
    • Other options and customizations
    • Using Snapshots & Backups
    • Running and logging into Dash Enterprise
    • Next steps
  • Advanced Configuration
    • General troubleshooting and problem solving
      • Dash Enterprise Kubernetes
    • Load balancer configuration
    • Reverse proxy setup instructions
    • Docker storage driver requirements and considerations
    • Import an LDAPS certificate from Active Directory into Dash Enterprise
    • Transfer Dash Enterprise to a new server
    • Sync license changes
    • Change channels for an upgrade
    • Admin panel reference
    • Configure Dash Enterprise to use common SAML IdPs
      • Active Directory Federation Services (AD FS)
      • PingFederate
      • Okta
    • Configure Dash Enterprise to use common LDAP IdPs
      • Okta
  • Upgrade
    • Prepare for the upgrade
    • Upgrade
      • Dash Enterprise Single Server
      • Dash Enterprise for Kubernetes
    • After the upgrade
  • Advanced Troubleshooting
    • Dash Enterprise Architecture and Internals
    • Navigating the System
    • Navigating the Support Bundle
    • Getting Help and Reporting Issues
    • Troubleshooting Specific Issues
Powered by GitBook
On this page

Was this helpful?

  1. Configuration
  2. Authentication settings

SAML authentication

PreviousLDAP authenticationNextDash Enterprise Kubernetes additional required configuration

Last updated 2 years ago

Was this helpful?

This section assumes you have access to an already-configured SAML 2.0 identity provider (IdP). For guidance setting up an IdP, see .

To configure Dash Enterprise to use a SAML 2 IdP for authentication, choose Use SAML for authentication and configure as follows:

  1. Choose an option for the IdP (remote) metadata from the following:

    1. Enter a URL to the IdP (remote) metadata

    2. Provide a file containing the IdP (remote) metadata

    3. No IdP (remote) metadata is available yet: select this if your IdP requires the Dash Enterprise service provider (SP) metadata before it can generate IdP metadata

      • This is an intermediary step and authentication will not work with it enabled

      • When you have configured your IdP, you must return to the Dash Enterprise Settings and choose one of the other IdP metadata options to proceed

  2. Copy the SP (local) metadata URL displayed to use to configure your IdP

    • If your IdP requires a metadata file instead of a URL, download the file by visiting this URL in your browser after Dash Enterprise has started

  3. Use name_id from IdP as Plotly Username: leave checked unless you need to use another attribute from your IdP as the username

    • Username values must be 1 to 31 characters long (inclusive) and may contain only alphanumeric characters plus:

      • _ (underscore)

      • . (period)

      • - (hyphen)

    • To use a different attribute as a username, uncheck this option and enter the attribute name in the field that appears

  4. Choose an SSL certificate option that will be used for the signing certificate and, if you also check Enable encryption when communicating with the IdP, for the encryption certificate as well (Dash Enterprise uses a different certificate set for SAML from what it uses for SSL)

    1. Automatically generate local certificates and keys for SAML: Dash Enterprise will generate self-signed certificates and keys the next time it restarts, to be used for SAML signing and encryption

    2. Provide files containing local certificates and keys: you will need to upload a signing certificate and key, as well as an encryption certificate and key if you enable encryption

  5. Check Enable Signed AuthnRequests if your IdP requires this

  6. If your IdP uses a self-signed certificate for SSL, choose Disable SSL certificate validation when communicating with the IdP to suppress certificate warnings

  7. For additional debugging information during setup, enable the Enable SAML Debugging option

    • Not recommended for production due to the large amount of data generated

  8. To restrict user licensing creation to a specific LDAP group, enable Restrict licenses based on LDAP/SAML group membership option and enter the name of the group

    • This group name should match the information sent as the “groups” attribute in the IdP’s SAML assertion

  9. If desired for testing, you can check Enable authentication logs to make authentication logs available via a secret URL

    • Not recommended for production, since authentication logs may contain confidential data

Configure Dash Enterprise to use common SAML IdPs