Hybrid Data Pipeline supports SAML authentication services to connect directly with a Hybrid Data Pipeline instance. A SAML authentication service may be used to enable single sign-on (SSO) with SSO identity providers such Okta or Microsoft.

Note:

  • SAML SSO support is limited to authentication directly with Hybrid Data Pipeline. It is not supported for JDBC, ODBC, and OData client application connectivity. However, SSO is supported for OData connections with an OIDC authentication service. See Integrating an OIDC authentication service for details.
  • Hybrid Data Pipeline does not support any encrypted SAML responses.

The following general steps apply to integrating a SAML authentication service.

  1. The SAML service must be registered as an external authentication service.
  2. Hybrid Data Pipeline user accounts must be configured to use the SAML service.
  3. The identity provider (IdP) for SAML must be configured to use Hybrid Data Pipeline.

Important: To log in using SAML, enter the URL of your Hybrid data Pipeline instance followed by sso and the authentication service name. For example, https://MyServer:8443/hdpui/sso/authservice.

IdP requirements: To configure SAML, an Assertion Consumer Service (ACS) URL is required. The ACS URL is an endpoint on the Hybrid Data Pipeline server. The IdP redirects authentication responses to the ACS URL. When setting up your account with the IdP, you must specify a unique relying party entity ID. A relying party entity ID is a URL that identifies Hybrid Data Pipeline.