
How to Set Up SSO in a Dedicated Environment?

Delegating DataGalaxy authentication to your corporate directory (also known as an Identity Provider) must be configured from your customer account administration. Please refer to the article Self-service SSO for the steps of this configuration.

DataGalaxy acts as the Service Provider (SP), and your directory acts as the Identity Provider (IdP).

DataGalaxy currently supports the following two protocols: SAMLv2 and OIDC.

SAMLv2 Procedure

The steps for setup are as follows:

  1. Initialize a SAML "DataGalaxy" application on your IdP (corporate directory) using the following information:
    • EntityID: https://$INSTANCE$.datagalaxy.com/Saml2
    • ACS URL: https://$INSTANCE$.datagalaxy.com/auth/realms/$REALM_ID$/broker/saml/endpoint
    • Logout URL: https://$INSTANCE$.datagalaxy.com/auth/realms/$REALM_ID$/broker/saml/endpoint
  2. Replace the variables with the following values:
    • $INSTANCE$: The value of your instance, found in your access URL before .datagalaxy.com.
    • $REALM_ID$: The GUID found in your DataGalaxy login page URL after /Realm/.
      Here is an example:
  3. Configure three specific claims in the DataGalaxy enterprise application you created on your directory:
    IdP Attribute | Type of Value | Claim Value Expected by DataGalaxy
    Email         | URI           | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    FirstName     | URI           | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    LastName      | URI           | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  4. Retrieve the SAMLv2 configuration metadata XML file from your IdP and enter it in the configuration modal, in the field "Identity Provider Federation Metadata XML".

Please refer to the article SSO Self Service to follow the next steps of this configuration.

Note: IdP-initiated login (a first connection started from the IdP rather than from the DataGalaxy login page) is not supported.
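Before handing the metadata over, it is worth confirming that what your IdP actually issues matches the values above. The following script is an added example, not DataGalaxy code: it derives the EntityID and ACS URL from $INSTANCE$ and $REALM_ID$ as in step 1, then checks a SAML Response for the matching Destination and Audience and for the three claim URIs of step 3. The sample response is constructed (one claim is deliberately missing) and the helper names are hypothetical.

```python
# Added example (not DataGalaxy code): check a SAML Response from your IdP against the
# SP values this article derives from $INSTANCE$ and $REALM_ID$. Helper names are hypothetical.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = {CLAIMS + "emailaddress": "Email", CLAIMS + "givenname": "FirstName",
                   CLAIMS + "surname": "LastName"}

def sp_values(instance, realm_id):
    # EntityID and ACS URL exactly as step 1 of the SAMLv2 procedure defines them.
    base = f"https://{instance}.datagalaxy.com"
    return {"entity_id": f"{base}/Saml2",
            "acs_url": f"{base}/auth/realms/{realm_id}/broker/saml/endpoint"}

def check_response(xml_text, instance, realm_id):
    # Returns a list of problems; empty means the IdP sends what DataGalaxy expects.
    # Signature validation is the SP's job and is deliberately not reproduced here.
    exp = sp_values(instance, realm_id)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != exp["acs_url"]:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL {exp['acs_url']!r}")
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if exp["entity_id"] not in audiences:
        problems.append(f"Audience {audiences} does not include EntityID {exp['entity_id']!r}")
    present = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS) if v.text]
               for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)}
    for uri, label in REQUIRED_CLAIMS.items():
        if not present.get(uri):
            problems.append(f"missing or empty claim {label} ({uri})")
    return problems

# Constructed sample (not real traffic): correct URLs, but the LastName claim is absent.
REALM = "11111111-2222-3333-4444-555555555555"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://acme.datagalaxy.com/auth/realms/{REALM}/broker/saml/endpoint">
  <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://acme.datagalaxy.com/Saml2</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, "acme", REALM):
        print("PROBLEM:", problem)
```

Run it against a decoded SAMLResponse captured from a test login (browser developer tools or a SAML tracer extension) with your own instance name and realm GUID.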

OIDC Procedure

The steps for setup are as follows:

  1. Initialize an OIDC "DataGalaxy" application on your IdP (corporate directory) using the following information:
    • Redirect URI: https://$INSTANCE$.datagalaxy.com/auth/realms/$REALM_ID$/broker/oidc/endpoint
  2. Replace the variables with the following values:
    • $INSTANCE$: The value of your instance, found in your access URL before .datagalaxy.com.
    • $REALM_ID$: The GUID found in your DataGalaxy login page URL after /Realm/.
  3. Configure three specific claims in the DataGalaxy enterprise application you created on your directory:
    IdP Attribute | Type of Value | Claim Value Expected by DataGalaxy
    Email         | URI           | email
    FirstName     | URI           | given_name
    LastName      | URI           | family_name
  4. Enable the desired users on this new enterprise application.
  5. Retrieve the following information from your IdP and enter it in the configuration modal:
    • ClientID
    • ClientSecret
    • DiscoveryUrl

PS: "email" is the recommended value for the "login claim type", but it is not mandatory.

Please refer to the article SSO Self Service to follow the next steps of this configuration.

Auto-Provisioning Option

DataGalaxy supports two auto-provisioning modes:

  1. JIT (Just In Time) - Custom DataGalaxy:
    • Any new user authorized to connect via their IdP but not yet known to the platform is automatically added as a Reader (license automatically assigned).
    • When this user is revoked from the company directory, they can no longer log in to DataGalaxy but will remain visible on the platform until manually deleted.
    • This option is managed by DataGalaxy and can be activated upon your request.
  2. SCIM Standard Protocol Synchronization:
    • A regular synchronization is performed between the authorized user group(s) and DataGalaxy users.
    • Upon the first synchronization, all authorized users in the directory will be added to the platform, with subsequent modifications regularly updated.
    • This configuration is completed on your end, requiring the following attributes:
      • SCIM API URL for your DataGalaxy space: https://$INSTANCE$.api.datagalaxy.com/v2/scim
        Where $INSTANCE$ is the value of your instance found in your access URL before .datagalaxy.com.
      • Secret Token: Integration token value, which you must generate in your DataGalaxy admin space with admin privileges (refer to the DataGalaxy API and integration token documentation).
