How to Integrate Metabase With idemeum

Capabilities overview

The fastest, easiest way to share data and analytics inside your company.

Supported capability	Required plan	Details
Passwordless SSO	Pro plan	High SSO tax
Account creation with SAML	Pro plan	SAML JIT (create accounts only)

Prerequisites

In order to integrate idemeum with Metabase you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:

Identity Provider SSO URL
Identity Provider Entity ID
Public X509 certificate (PEM format)

Instructions for how to obtain these SAML metadata parameters are below.

How to obtain SAML metadata for idemeum

SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. Based on SAML terminology SaaS application is called Service Provider (SP) and idemeum will be Identity Provider (IDP). Typically you will be a…

Docsidemeum team

Passwordless Single Sign-On (SAML)

Configure SSO in Metabase

Access your Metabase dashboard
Navigate to Settings -> Admin

Click Authentication and then Configure SAML

First take note of the Assertion Consumer Service URL for Metabase. You will need that for idemeum configuration.
Enable Single Sign On by toggling a switch

Now you will be using idemeum SAML metadata parameters obtained in the prerequisites section

Scroll down to section that is called Tell Metabase about your identity provider
Paste Identity Provider SSO URL
Paste Public X509 certificate (PEM format)
Paste Identity Provider Entity ID

Scroll down and click Save changes

Configure SSO in idemeum

Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
Click Applications in the left menu
Search for Metabase application and click Add App
Click SAML at the top navigation menu

Now you will use SAML parameters obtained from Metabase

Paste Assertion Consumer Service URL from Metabase

Click Save

Account creation with SAML JIT

Metabase currently supports account creation with SAML JIT - SAML Just-in-Time provisioning. When new users try to log in with passwordless SSO, the user account with be automatically created.

SAML JIT supports only account creation (no account deletion or updates).

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.

Metabaser supports both:

IDP Initiated Flow
SP Initiated Flow

IDP Initiated Flow

With this flow users first navigate to idemeum user catalog and then click on Metabase dashboard icon to launch application.

SP Initiated Flow

Navigate to https://www.metabase.com
Type in your domain name

Once you click Ok you will be able to sing in with SSO