This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Looker
- Articles & Information
- Technical Tips & Tricks
- What Is SAML and how is it used in Looker?
Topic Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
LinkedIn
Twitter
LookerExperts
Staff
Topic Options
- Article History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
0
0
987
Knowledge Drop
Last tested: Jun 21, 2019
What is SAML?
SAML, short for Security Assertion Markup Language, is one of several standards for authentication. It is a Single Sign On (SSO) method - which means you can use it to authenticate to several different web services.
Several different companies sell SAML as a way to make authentication easier and standardized across a company. Some examples are Okta and OneLogin.
HOW DOES SAML WORK?
SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents over HTTP and SOAP.
A generic interactions among various roles involved in SAML standard can be summarised as follows:
- Generally user profiles and user credentials are stored centrally within a one system, this can be a home grown system or can be IAM solution.
- When a user try to access a secured page/resource on an application it directs users to the central identity service via the user’s agent.
- The central identity service try to authenticate the user and if it is successful create a session for the authenticated user, then it create a SAML token (XML message) and send it back to the original application directly or indirectly (usually via user agent).
- This SAML token contains all the required identity data such as authentication method, authorisation decisions, user attributes etc. The application use this SAML token to create local HTTP session and treat the user as logged-in.
- If the same user try to access another application of the same organisation, like in step-2 that application also redirect the user to central identity service.
- At the central identity service, it recognise this user is already logged-in and skip the authentication steps. The central identity service generate a SAML token and share with this 2nd application . Generally these 5th and 6th steps are transparent to end users.
(source for this list)
What does this have to do with Looker?
Looker supports logging in with a SAML provider. Often, users and prospects will already have a SAML provider that they want to use with Looker to avoid having to set up credentials specifically for Looker. When a Looker instance has SAML activated, then users who come to the instance are sent to the SAML provider to authenticate and from there are granted access into Looker.
Sources / Additional Reading:
https://developers.onelogin.com/saml
https://medium.com/@sagarag/reloading-saml-saml-basics-b8999995c73e
https://medium.com/@sagarag/reloading-saml-do-you-really-need-saml-931976b3b5e3
This content is subject to limited support.
Topic Labels