Capabilities overview
The fastest, easiest way to share data and analytics inside your company.
Supported capability | Required plan | Details |
---|---|---|
Passwordless SSO | Pro plan | High SSO tax |
Account creation with SAML | Pro plan | SAML JIT (create accounts only) |
Prerequisites
In order to integrate idemeum with Metabase you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:
- Identity Provider SSO URL
- Identity Provider Entity ID
- Public X509 certificate (PEM format)
Instructions for how to obtain these SAML metadata parameters are below.
Passwordless Single Sign-On (SAML)
Configure SSO in Metabase
- Access your Metabase dashboard
- Navigate to Settings -> Admin
- Click Authentication and then Configure SAML
- First take note of the Assertion Consumer Service URL for Metabase. You will need that for idemeum configuration.
- Enable Single Sign On by toggling a switch
Now you will be using idemeum SAML metadata parameters obtained in the prerequisites section
- Scroll down to section that is called Tell Metabase about your identity provider
- Paste Identity Provider SSO URL
- Paste Public X509 certificate (PEM format)
- Paste Identity Provider Entity ID
- Scroll down and click Save changes
Configure SSO in idemeum
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for Metabase application and click Add App
- Click SAML at the top navigation menu
Now you will use SAML parameters obtained from Metabase
- Paste Assertion Consumer Service URL from Metabase
- Click Save
Account creation with SAML JIT
Metabase currently supports account creation with SAML JIT - SAML Just-in-Time provisioning. When new users try to log in with passwordless SSO, the user account with be automatically created.
SAML JIT supports only account creation (no account deletion or updates).
Application entitlements
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
SAML SSO login flows
Metabaser supports both:
- IDP Initiated Flow
- SP Initiated Flow
IDP Initiated Flow
With this flow users first navigate to idemeum user catalog and then click on Metabase dashboard icon to launch application.
SP Initiated Flow
- Navigate to https://www.metabase.com
- Type in your domain name
- Once you click Ok you will be able to sing in with SSO