Setting up your identity provider
If you purchased BigAnimal directly from EDB, you must set up your identity provider (IDP) before accessing BigAnimal for the first time. After setting up your identity provider, you can add users to BigAnimal by adding them to the designated group in your identity provider. Once you've logged into BigAnimal using your identity provider, you can set up your cloud service provider (CSP) in the BigAnimal portal to complete onboarding. If you purchased through Azure Marketplace, BigAnimal authenticates users using Azure Active Directory (AD) and you don't have to complete these steps, as Azure AD is linked during subscription.
BigAnimal supports single sign-on through SAML identity providers. The SAML application enables access to BigAnimal for groups selected in your identity provider. You configure your SAML application to send a SAML assertion response to BigAnimal for each user.
The identity provider application provides:
- Signature certificate
- Single sign-on URL (Sign In Endpoint)
The BigAnimal service provider provides:
- ACS URL (Assertion Consumer Service)
- SP Entity ID (Audience URI)
The Set Up Identity Provider page in BigAnimal provides the ACS URL and Audience URI, which you can copy to use when configuring your SAML application. The page also includes information about mandatory attributes for the configuration.
The following SAML assertions are needed to map the user information in your identity provider application to BigAnimal:
On the Set Up Identity Provider page:
On the Connection Info tab, copy the following URLs to use in your identity provider configuration:
URL Description Assertion Consumer Service URL BigAnimal-specific URL to which SAML assertions from your identity provider are sent Audience URI The entity or audience for which the SAML assertion is intended
Configure your identity provider to send the SAML response. The SAML response must include the following attributes:
givenname: BigAnimal uses the value as the given name in the profile of the authenticated user.
surname: BigAnimal uses the value as the surname in the profile of the authenticated user.
name: BigAnimal uses the value as the full name (
surname) in the profile of the authenticated user.
emailaddress(optional): BigAnimal uses the value for the email address in the profile of the authenticated user.
NameIDelement in the
Subjectelement. Provide your email ID as the value to
NameID. BigAnimal uses the email ID you provide as your username and primary email, so format
NameIDlike an email address.
On the Setup Configuration tab, enter the configuration information for your preferred SAML identity provider:
Field Description Issuer URL URL string uniquely associated with your identity provider partner. Single Sign-On URL The identity provider's sign-on URL. Identity provider signature certificate Identity provider's assertion signing certificate (
.cert). Coordinate with your identity provider partner to obtain this certificate securely.
Request Binding SAML Authentication Request Protocol binding used to send the authentication request: HTTP-Redirect, HTTP-Post, or Hybrid (SAML request is REDIRECT and response is POST). Response Signature Algorithm (RSA) Algorithm The signature algorithm used to sign the SAML AuthNRequest (RSA SHA-1 or RSA SHA-256).
Select Test Connection. If you connect to your identity provider successfully, your identity provider's login screen appears. If an error message appears, contact Support.
Once your identity provider is set up, you can view your connection status, ID, login URL, audience URI, and assertion consumer service URL from the BigAnimal portal on the Identity Provider page (select Admin > Identity Provider to access).
Manage roles for added users
You add users through your identity provider. A user who is added in the identity provider is automatically added to BigAnimal. BigAnimal assigns them with the default role of organization member. You manage roles and permissions from BigAnimal. See Managing portal access.
A user is created in BigAnimal only after they log in. After they log in, you can change their BigAnimal role.
Add a tile
Once you have established the identity provider, you can create a BigAnimal tile for users to access the organization's BigAnimal application. To do so, simply copy the quick sign-in URL from the Settings > Identity Provider page of the BigAnimal portal to create the tile. For details on how to add a tile, refer to your identify provider documentation for instructions on setting up SSO access to your application.
Setting up specific identity providers
For step-by-step instructions for setting up specific identity providers, see:
- Using Auth0 as your identity provider
- Using AWS IAM Identity Center as your identity provider
- Using Azure AD as your identity provider
- Using Google Workspace (G Suite) as your identity provider
- Using Okta as your identity provider
You and other users can log in to BigAnimal using your identity provider credentials.
You can rename the default project BigAnimal creates for you. See Editing a project.
You can Set up your cloud service provider so that you or other users with the correct permissions can create clusters.
After setting up your cloud server provider, you can assign roles to your default project. See Managing portal access.