Setting up your identity provider

If you purchased BigAnimal directly from EDB, you must set up your identity provider (IDP) before accessing BigAnimal for the first time. After setting up your identity provider, you can add users to BigAnimal by adding them to the designated group in your identity provider. Once you've logged into BigAnimal using your identity provider, you can set up your cloud service provider (CSP) in the BigAnimal portal to complete onboarding. If you purchased through Azure Marketplace, BigAnimal authenticates users using Azure Active Directory (AD) and you don't have to complete these steps, as Azure AD is linked during subscription.

BigAnimal supports single sign-on through SAML identity providers. The SAML application enables access to BigAnimal for groups selected in your identity provider. You configure your SAML application to send a SAML assertion response to BigAnimal for each user.

The identity provider application provides:

  • Signature certificate
  • Single sign-on URL (Sign In Endpoint)

The BigAnimal service provider provides:

  • ACS URL (Assertion Consumer Service)
  • SP Entity ID (Audience URI)

The Set Up Identity Provider page in BigAnimal provides the ACS URL and Audience URI, which you can copy to use when configuring your SAML application. The page also includes information about mandatory attributes for the configuration.

The following SAML assertions are needed to map the user information in your identity provider application to BigAnimal:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Configure SAML

On the Set Up Identity Provider page:

  1. On the Connection Info tab, copy the following URLs to use in your identity provider configuration:

    URLDescription
    Assertion Consumer Service URLBigAnimal-specific URL to which SAML assertions from your identity provider are sent
    Audience URIThe entity or audience for which the SAML assertion is intended
  2. Configure your identity provider to send the SAML response. The SAML response must include the following attributes:

    • givenname: BigAnimal uses the value as the given name in the profile of the authenticated user.
    • surname: BigAnimal uses the value as the surname in the profile of the authenticated user.
    • name: BigAnimal uses the value as the full name (givenname joined with surname) in the profile of the authenticated user.
    • emailaddress (optional): BigAnimal uses the value for the email address in the profile of the authenticated user.

    Provide a NameID element in the Subject element. Provide your email ID as the value to NameID. BigAnimal uses the email ID you provide as your username and primary email, so format NameID like an email address.

    For example:

    nameID

  3. On the Setup Configuration tab, enter the configuration information for your preferred SAML identity provider:

    FieldDescription
    Issuer URLURL string uniquely associated with your identity provider partner.
    Single Sign-On URLThe identity provider's sign-on URL.
    Identity provider signature certificateIdentity provider's assertion signing certificate (.cer or .cert). Coordinate with your identity provider partner to obtain this certificate securely.
    Request BindingSAML Authentication Request Protocol binding used to send the authentication request: HTTP-Redirect, HTTP-Post, or Hybrid (SAML request is REDIRECT and response is POST).
    Response Signature Algorithm (RSA) AlgorithmThe signature algorithm used to sign the SAML AuthNRequest (RSA SHA-1 or RSA SHA-256).
  4. Select Test Connection. If you connect to your identity provider successfully, your identity provider's login screen appears. If an error message appears, contact Support.

Once your identity provider is set up, you can view your connection status, ID, login URL, audience URI, and assertion consumer service URL from the BigAnimal portal on the Identity Provider page (select Admin > Identity Provider to access).

Manage roles for added users

You add users through your identity provider. A user who is added in the identity provider is automatically added to BigAnimal. BigAnimal assigns them with the default role of reader. You manage roles and permissions from BigAnimal. See Managing portal access.

Note

A user is created in BigAnimal only after they log in. After they log in, you can change their BigAnimal role.

Setting up specific identity providers

For step-by-step instructions for setting up specific identity providers, see:

Next steps

You and other users can log in to BigAnimal using your identity provider credentials.

You can Set up your cloud service provider so that you or other users with the correct permissions can create clusters.