This guide is applicable to Dagster Cloud.
In this guide, you'll configure PingOne to use single sign-on (SSO) with your Dagster Cloud organization.
To complete the steps in this guide, you'll need:
dagster-cloud
CLISign into your PingOne Console.
Using the sidebar, click Connections > Applications.
On the Applications page, add an application.
In Select an application type, click Web app.
Click SAML > Configure:
In the Create App Profile page:
Add an application name, description, and icon:
When finished, click Save and Continue.
In the Configure SAML page:
Fill in the following:
ACS URLS and Entity ID: Copy and paste the following URL, replacing <organization_name>
with your Dagster Cloud organization name:
https://<organization_name>.dagster.cloud/auth/saml/consume
Assertion Validity Duration: Type 60
.
In the following example, the organization’s name is hooli
and the Dagster Cloud domain is https://hooli.dagster.cloud
:
When finished, click Save and Continue.
In the Map Attributes page:
Configure the following attributes:
Application attribute | Outgoing value |
---|---|
Email Address | |
FirstName | Given Name |
LastName | Family Name |
The page should look similar to the following:
When finished, click Save and Continue.
Next, you'll save and upload the application's SAML metadata to Dagster Cloud. This will enable single sign-on.
In PingOne, open the Dagster Cloud application.
Click the Configuration tab.
In the Connection Details section, click Download Metadata:
When prompted, save the file to your computer.
After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the dagster-cloud
CLI:
dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \
--api-token=<user_token> \
--url https://<organization_name>.dagster.cloud
Next, you'll assign users to the Dagster Cloud application in PingOne. This will allow them to log in using their PingOne credentials with the sign in flow is initiated.
In the Dagster Cloud application, click the Access tab.
Click the pencil icon to edit the Group membership policy:
Edit the policy as needed to grant users access to the application.
Lastly, you'll test your SSO configuration:
Navigate to your Dagster Cloud sign in page at https://<organization_name>.dagster.cloud
Click the Sign in with SSO button.
Initiate the login flow and address issues that arise, if any.
In the PingOne application portal, click the Dagster Cloud icon:
If successful, you'll be automatically signed in to your Dagster Cloud organization.