This guide is applicable to Dagster Cloud.
In this guide, you'll configure OneLogin to use single sign-on (SSO) with your Dagster Cloud organization.
To complete the steps in this guide, you'll need:
dagster-cloud
CLISign into your OneLogin portal.
Navigate to Administration > Applications.
On the Applications page, click Add App.
On the Find Applications page, search for Dagster Cloud
:
Add and save the application.
In OneLogin, open the application and navigate to its Configuration.
In the Dagster Cloud organisation name field, enter your Dagster Cloud organization name. This is used to route the SAML response to the correct Dagster Cloud subdomain.
In the following example, the organization name is hooli
and our Dagster Cloud domain is https://hooli.dagster.cloud
. To configure this correctly, we'd enter hooli
into the Subdomain field:
When finished, click Done.
Next, you'll save and upload the application's SAML metadata to Dagster Cloud. This will enable single sign-on.
In OneLogin, open the Dagster Cloud application.
Navigate to More Actions > SAML Metadata.
When prompted, save the file to your computer.
After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the dagster-cloud
CLI:
dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \
--api-token=<user_token> \
--url https://<organization_name>.dagster.cloud
Next, you'll assign users to the Dagster Cloud application in OneLogin. This will allow them to log in using their OneLogin credentials with the sign in flow is initiated.
In Okta, navigate to Users.
Select a user.
On the user's page, click Applications.
Assign the user to Dagster Cloud. In the following image, we've assigned user Test D'Test
to Dagster Cloud:
Click Continue.
Click Save User.
Repeat steps 2-6 for every user you want to access Dagster Cloud.
Lastly, you'll test your SSO configuration:
Navigate to your Dagster Cloud sign in page at https://<organization_name>.dagster.cloud
Click the Sign in with SSO button.
Initiate the login flow and address issues that arise, if any.
In the OneLogin portal, click the Dagster Cloud icon:
If successful, you'll be automatically signed into your Dagster Cloud organization.