Setting Up SAML with Just-In-Time (JIT) Provisioning for data.world

Danger

data.world University!

Check out our Introduction to SAML course!

Single Sign On (SSO) is available as an authentication method for all Enterprise installations. data.world supports SSO with providers that uses SAML 2.0 protocol, such as Okta, Google, or Azure, etc.

Private Instance (PI) and Single-Tenant environments are required to use SSO for user logins.
Enterprise customers using the Public Instance have an option to set up SSO, but it is not required.

Once SSO is configured, all members of the organization will use SSO to login to the platform.

Important

The SSO configuration is done in collaboration with the data.world support team.

Just In Time (JIT) account provisioning

By default all Private Instance (PI) and Single-Tenant environments are setup with Just In Time (JIT) account provisioning. This means that once SSO is enabled, users automatically get created in data.world at the time of login, as long as the SSO provider administrator has added the data.world app to the user profile in the SSO provider administration tool.

Steps for private instance and single-tenant installations

Table 1.

Done by	Task
data.world	As part of onboarding, the data.world team initiates the process and share the first set of configuration details you need to complete SSO configuration on your side. data.world team also shares a list of organization where users will get automatically provisioned once SSO is all set up.
Customer	Using the configuration details shared by the data.world support team, complete the configuration in your SSO provider administration space. At the end of completing your task share the XML file generated from the SSO provider with data.world.
Customer	Review the list shared by data.world of organization where users will get automatically provisioned and confirm with data.world if you need anything adjusted.
data.world	Using the XML file you shared with data.world, the support team completes the configuration on their side.
Customer	In your SSO system, assign the data.world app to the users who need to login to data.world.
Customer	Share the login URL with your users to use data.world. Optionally, add the data.world access link to the launch page from where your users access other application.
Customer	Once the users access the link for the first time, they are automatically provisioned in data.world.
Customer	Optionally, go the Members tab of the Organization profile page to further adjust the user permissions in data.world.
Customer	Want users automatically added to other organizations in your deployment? Notify data.world so that they can adjust the SSO configutation on their side.

Steps for public instance installations

Table 2.

Done by	Task
Customer	Identify the organizations for which you want to enable single sign-on. Contact the data.world support team and request them to begin the process.
data.world	They will enable some configurations for these organizations, as a result of which you will be able to see the SSO configurations from the Organization page. data.world team will notify you that the configuration is complete.
Customer	At this point go the organization page and note down the values you need to configure SSO.
Customer	complete the configuration in your SSO provider administration space.
Customer	Using the XML file you obtained from the SSO provider administration space, complete the configuration in data.world
Customer	In your SSO system, assign the data.world app to the users who need to login to data.world.
Customer	Share the login URL with your users to use data.world. Optionally, add the data.world access link to the launch page from where your users access other application.
Customer	Once the users access the link for the first time, they are automatically provisioned in data.world.
Customer	Now, go the Members tab of the Organization profile page to further adjust the user permissions in data.world.
Customer	Want SSO enabled for another organization? Contact data.world to get them to enable the SSO tab for another organization. Repeat the rest of the steps to complete the SSO setup for the new organization.

In this section: