Connecting Using SAML
Security Assertion Markup Language (SAML) is used for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions (statements that service providers use to make decisions about access control) to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider (IdP), and a SAML consumer, named a Service Provider (SP). SAML enables web-based, cross-domain, single sign-on (SSO), which helps reduce the administrative overhead of sending multiple authentication tokens to the user.
If you use SAML for authentication to HEAVY.AI and SAML login fails, HEAVY.AI automatically falls back to LDAP login, if LDAP is configured.
If both SAML and LDAP authentication fail, you are authenticated against a locally stored password, but only if the `allow-local-auth-fallback` flag is set.

These instructions use Okta as the IdP and HEAVY.AI as the SP in an SP-initiated workflow, similar to the following:
1. A user uses a login page to connect to HEAVY.AI.
2. The HEAVY.AI login page redirects the user to the Okta login page.
3. The user signs in using an Okta account. (This step is skipped if the user is already logged in to Okta.)
4. Okta returns a base64-encoded SAML Response to the user, which contains a SAML Assertion that the user is allowed to use HEAVY.AI. If configured, it also returns a list of SAML Groups assigned to the user.
5. Okta redirects the user to the HEAVY.AI login page together with the SAML response (a token).
6. HEAVY.AI verifies the token and retrieves the user name and groups. Authentication and authorization are complete.
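To see what the SP receives in steps 4 through 6, the following added example (not HEAVY.AI or Okta code) decodes a base64-encoded SAML Response and reads the user name, the groups, the validity window and the audience. The sample response, the `groups` attribute name and the audience URL are constructed assumptions, and the code does not verify the XML signature, so it is a troubleshooting aid rather than a replacement for the server's own verification.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed, unsigned sample; "groups" is an assumed attribute name.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00.000Z" NotOnOrAfter="2024-01-01T10:05:00.000Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>analysts</saml:AttributeValue>
        <saml:AttributeValue>admins</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"; make them offset-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_response(b64_response, expected_audience, now, group_attr="groups"):
    """Decode a SAML Response; return (user, groups, problems)."""
    # Inspection only: the XML signature is NOT verified here.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    user = a.findtext("a:Subject/a:NameID", namespaces=NS)
    groups = [v.text for v in a.findall(
        f"a:AttributeStatement/a:Attribute[@Name='{group_attr}']/a:AttributeValue", NS)]
    problems = []
    cond = a.find("a:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < _ts(nb)) or (na and now >= _ts(na)):
            problems.append("outside validity window")
        audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
        if expected_audience not in audiences:
            problems.append("audience mismatch")
    return user, groups, problems
```

When a SAML login fails and the server falls back to LDAP, an expired validity window (clock skew between IdP and SP) or a mismatched audience are two conditions this kind of inspection surfaces.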
In addition to Okta, the following SAML providers are also supported: