Single Sign-On

To enable Single Sign-On (SSO), Yellowbrick can be configured to use an external identity provider (IDP). An external provider is necessary to support MFA (multi-factor authentication), which should be in use for all but the simplest trial accounts.

Yellowbrick supports a number of external authentication providers using the OpenID Connect (based on OAuth 2.0) standard. The currently supported list of providers includes:

  • Apple
  • Auth0
  • Microsoft Entra (formerly Azure Active Directory)
  • Microsoft ADFS
  • GitHub
  • GitLab
  • Google
  • Keycloak
  • Okta
  • Salesforce

New providers are being added all the time, so please get in touch if you'd like to see one that isn't on this list.

SSO Configuration Instructions

To set up an external IDP, open Yellowbrick Manager and navigate to the Single Sign-On page, as shown in this screenshot:

Click Setup Single Sign-On to continue and follow the wizard to add a new IDP.

Step 1: Choose Your IDP

Choose the appropriate external identity provider, and give it a name and identifier. Yellowbrick supports multiple IDPs, and the Login page will offer users a choice of which one to use. For that reason, each integration has a user-friendly name (the Name field) and a unique identifier to register it with the system (the Identifier field).

Step 2: Configure the IDP

To complete this step, you'll need to work with the individual or organization in your company responsible for administration of identity management. Provide them with the Redirect URL shown in this step of the wizard, and ask them to supply you in return with the corresponding OpenID Connect parameter values to fill out below.

Note that different providers have different parameters: all of them have a Client Identifier and Client Secret, and some have various optional fields as well.

Step 3: Register in the Database

The final step of the wizard provides the SQL necessary to add the provider to the database instance. Log in using the credentials supplied for the Administrator Account during installation to execute the SQL provided.

Altering IDP settings requires the Yellowbrick Manager to restart. This only takes 10-20 seconds, doesn't result in any instance downtime, and should be performed immediately so that the newly registered IDP is operational.

See also CREATE EXTERNAL AUTHENTICATION.