Connecting to your identity provider
With Cyral, you can authenticate database users and Cyral administrators against your identity provider (IdP) or single sign-on (SSO) platform. Once set up for SSO, Cyral delegates authentication to your identity provider. When a user authenticates successfully, Cyral grants them the appropriate privileges in the data store. You can base privileges on each user's group memberships in the identity management system by creating access rules or admin user mappings.
Prerequisites
Before you set up the SSO integration, make sure you have an identity provider that supports SAML 2.0.
note
Please be aware of the following regarding the Cyral SP:
- Cyral supports only SAML 2.0 HTTP-POST Binding.
- The SAML Assertion must contain the user's first name, last name, email, and group membership information.
- Cyral supports SP-initiated and IdP-initiated login for most IdPs.
- Cyral supports both Single Sign-on (SSO) and Single Logout (SLO); however, SLO is not required.
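One way to check a test assertion from your IdP against the attribute requirement above, as an added example that is not Cyral's own code. The attribute names in `REQUIRED` are hypothetical (substitute the names your IdP's attribute mapping emits), the sample assertion is constructed, and the check covers attribute presence only, not signature validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical attribute names: replace each value with the name your IdP's
# attribute mapping emits for the field the page lists as required.
REQUIRED = {
    "first name": "firstName",
    "last name": "lastName",
    "email": "email",
    "group membership": "groups",
}

def assertion_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        # An attribute that is present but blank is recorded with no values.
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found

def missing_fields(xml_text, required=REQUIRED):
    """List required fields whose attribute is absent or has no non-empty value."""
    found = assertion_attributes(xml_text)
    return [field for field, name in required.items() if not found.get(name)]

# Constructed sample assertion (not captured from a real IdP): the last-name
# attribute is present but blank, and no group attribute is sent at all.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print("missing required fields:", missing_fields(SAMPLE))
```

Run it against the decoded assertion from a test login before activating SSO on a repository; an empty result means all four fields arrived with values.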
SSO
To set up SSO, please refer to the guides below.
- Active Directory Federation Service (ADFS)
- Azure Active Directory
- ForgeRock
- G Suite
- Okta
- OneLogin
- PingOne
- Other IdPs (for other SAML-based identity providers)
Learn more
- After you've connected Cyral to your identity provider, see Set up SSO authentication for users for the steps to activate SSO authentication on each repository that will use it.
- You can configure SCIM integration as an additional source of user and group information using this guide.
- Users can connect via your identity provider as explained here.
- You can embed a Cyral login button or Cyral token button on your employee access portal to give your users fast access to the Cyral authentication tokens they need for logging into a database.