The guide in this section is intended for general reference and should not be considered a replacement for documentation and training materials provided by your identity provider (IdP) vendor. When in doubt about how to configure your IdP, please refer to your IdP vendor’s guidance.
Dash Enterprise uses the SAML 2.0 standard to manage service provider (SP) initiated single sign-on (SSO). This process goes as follows:
1 - The user’s browser requests a protected page in Dash Enterprise
2 - Dash Enterprise redirects the request to the IdP for authentication
3 - The IdP sends an HTML form containing a request for authentication to the user’s browser
4 - The user submits credentials OR the user’s browser submits cached credentials
5 - Dash Enterprise adds a request for user attributes to the credential submission
6 - Upon successful authentication, the IdP returns an HTML form to the user’s browser containing the authentication assertion and user attributes requested by Dash Enterprise
7 - The user’s browser POSTs the form to Dash Enterprise
8 - Dash Enterprise authorizes the login and redirects the browser to the protected page
At this time, the IdP types our customers have reported successfully integrating with Dash Enterprise are Active Directory Federation Services, PingFederate, and Okta. However, Dash Enterprise can integrate with any IdP supporting SAML 2.0 for authentication, so you are not limited to these options.
Before proceeding with configuring SAML:
Ensure your Dash Enterprise server and IdP can make and receive network requests between each other
Ensure your Dash Enterprise instance is using a certificate assigned by a certificate authority
If Plotly is hosting your instance at a *.plotly.host subdomain, it will already have an appropriate certificate