What to do if locked out of instance after enabling/disabling SAML/LDAP

  • 15 April 2022
  • 0 replies

  • Looker Staff
  • 1 reply

Problem: All users are locked out of the instance either because:

  1. you enabled SAML/LDAP on your instance without an alternate account login setup, and you set those authentication methods with incorrect configurations
  2. you disabled SAML/LDAP while you are logged in to looker via SAML/LDAP without an alternate account login set up


Solution: toggle those features OFF via code depending on two situations:

  1. If you know your client id/secret:

    run the custom codes below
    LDAP: https://github.com/lanlooker/Looker-Tutorials/blob/main/07_Update_LDAP.ipynb
    SAML: https://github.com/ryookuriki/Looker-Tutorials/blob/main/update_SAML.ipynb
  2. If you DON’T know your client id/secret:

    1. Have DCL disable the feature for you via Looker Support
    2. Obtain client id/secret from Admin > Users for your account
    3. Have DCL enable the feature for you via Looker Support (This will most likely lock you out of your instance again
    4. Run the code below to toggle the feature OFF
    LDAP: https://github.com/lanlooker/Looker-Tutorials/blob/main/07_Update_LDAP.ipynb
    SAML: https://github.com/ryookuriki/Looker-Tutorials/blob/main/update_SAML.ipynb
    5. Reconfigure LDAP/SAML with correct configurations (or with alternate account login setup if necessary)


When we enable the feature on step 3, we cannot wipe previously configured settings so it will most likely toggle the auth feature ON once enabled. (Please also keep in mind that the feature does not get immediately enabled in your instance, but will be enabled at a random point during the day, or when you update your license key via Admin > Settings)


Note: Enabling/disabling the feature means to add/remove the option of those authentication methods on the instance. Toggling OFF means to turn that feature OFF while the feature is still enabled on the instance.


Credits: @Lan for source code (https://github.com/lanlooker/Looker-Tutorials/)

0 replies

Be the first to reply!