Configure single sign-on (SSO)

As an administrator of a Materialize organization, you can configure single sign-on (SSO) as an additional layer of account security using your existing SAML- or OpenID Connect-based identity provider. This ensures that all users can securely log in to the Materialize console using the same authentication scheme and credentials across all systems in your organization.

NOTE: Single sign-on in Materialize only supports authentication into the Materialize console. Permissions within the database are handled separately using role-based access control.

Before you begin

Before you configure SSO, make sure the following prerequisites are met:

  • You must have an existing SAML- or OpenID Connect-based identity provider.
  • Only users assigned the OrganizationAdmin role can view and modify SSO settings.

Configure authentication

  • For an OpenID Connect identity provider:

    • Click Add New and choose the OpenID Connect connection type.

    • Add the issuer URL, client ID, and secret key provided by your identity provider.

  • For a SAML identity provider:

    • Click Add New and choose the SAML connection type.

    • Add the SSO endpoint and public certificate provided by your identity provider.

  • Optionally, add the SSO domain provided by your identity provider. Click Proceed.

  • Select the organization role for the user:

    Organization role    Description

    Organization Admin
      • Console access: Has access to all Materialize console features, including administrative features (e.g., invite users, create service accounts, manage billing, and organization settings).

      • Database access: Has superuser privileges in the database.

    Organization Member
      • Console access: Has no access to Materialize console administrative features.

      • Database access: Inherits role-level privileges defined by the PUBLIC role; may also have additional privileges via grants or default privileges. See Access control.

    NOTE:
    • The first user for an organization is automatically assigned the Organization Admin role.

    • An Organization Admin has superuser privileges in the database. Following the principle of least privilege, assign the Organization Admin role only to users who require superuser privileges.

    • Users/service accounts can be granted additional database roles and privileges as needed.
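
A check worth running on the issuer URL before you enter it in the OpenID Connect connection form, shown as an added example (not Materialize's code): it applies the OpenID Connect Discovery rules that the issuer is an https URL with no query or fragment and that the provider's metadata names the identical issuer. The host idp.example.com, the tenant paths and the sample metadata are constructed; fetching the real document from the discovery URL is left to you.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a provider's discovery document (not real data).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com/tenant-a",
  "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
  "token_endpoint": "https://idp.example.com/tenant-a/token",
  "jwks_uri": "https://idp.example.com/tenant-a/keys"
}""")

def issuer_problems(issuer):
    """Return reasons the issuer URL should not be configured (empty = OK)."""
    parts = urlsplit(issuer)
    problems = []
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if not parts.hostname:
        problems.append("issuer has no host")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query or fragment")
    return problems

def discovery_url(issuer):
    """Metadata location: issuer minus any trailing slash, plus the well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def metadata_problems(issuer, metadata):
    """Compare a fetched discovery document with the issuer you plan to enter."""
    problems = issuer_problems(issuer)
    # Exact string match is required: a different path or a stray trailing
    # slash means the document describes another tenant or a typo.
    if metadata.get("issuer") != issuer:
        problems.append("metadata issuer does not match configured issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key) or "")).scheme != "https":
            problems.append(key + " missing or not https")
    return problems

if __name__ == "__main__":
    for candidate in ("https://idp.example.com/tenant-a",
                      "https://idp.example.com/tenant-a/",
                      "http://idp.example.com/tenant-a"):
        print(candidate, "->", metadata_problems(candidate, SAMPLE_METADATA) or "OK")
```
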

Next steps

The organization role for a user/service account determines the default level of database access. Once the account creation is complete, you can use role-based access control (RBAC) to control access for that account.