sys.external_authentication

A system view that returns information about the external authentication objects in the instance. External authentication objects are used to configure access to extermal identity providers (IDPs) when configuring single sign-on (SSO). See also Single Sign-On and CREATE EXTERNAL AUTHENTICATION.

Column Name	Data Type	Description
id	oid	Identity of the external authentication record
name	name	Name of the external authentication record
owner_id	oid	Owner of this external authentication record
is_enabled	boolean	This external authentication record is enabled or not
issuer	text	Issuer to match for token signature validation and for public key discovery using JWKS if `public_key` is not specified
is_user_auto_create	boolean	Auto create the mapped db user if it doesn't exist
user_mapping_claim	name	Claim key whose value in the jwt maps to the db user, or is used to create user if `is_user_auto_create` is set
audiences_claim	text[1]	Array of possible audience claim values in the jwt. One must match for authentication to proceed. Scaling consideration: Limited to 5000 strings
roles_granted	text[1]	Array of role names to grant user if `is_user_auto_create` is set, and user is created during login. Scaling consideration: Limited to 5000 names
role_grant_claim	name	Claim key whose value in the jwt contains a json array of grant roles
roles_allowed_login	text[1]	Array of role name to allow login if found in jwt. See `role_grant_claim`. Scaling consideration: Limited to 5000 role names
roles_disallowed_login	text[1]	Array of role names to disallow login if found in jwt. See `role_grant_claim`. Scaling consideration: Limited to 5000 role names
azp_claim	name	Authorized party value that is expected to be found in a valid jwt
public_key	text	Permanent public key. Set this to the public key of the issuer signing authority for tokens if the JWKS endpoint is not available as specified by `issuer`.
is_disable_trust	boolean	Disable TLS trust verification between PG and JWKS endpoint disabled or not.

Configuring SSL/TLS for Tools and Drivers

Secure Connections for ODBC/JDBC Clients and ybsql

sys.lock

Bulk Load Examples

Running a Bulk Load

Loading Tables from Parquet Files

ybload Command

Loading from Amazon S3

Loading from Azure Blob Storage

Setting up and Running a Spark Job

Setting Up the ybrelay Service

LDAP Authentication

Synchronizing Users and Groups

Appliance: Disk Encryption

Setting Up Encrypted Drives

Remote Diagnostics

System Alerts

Creating an Alert Endpoint

Using the System Management Console

ybcli Reference

ybcli: config

AWS Marketplace

Create Stack

Docker

Cloud: Configuration

Vanity DNS

Yellowbrick Manager

Cloud: Enterprise Edition Getting Started

SQL-Based Loads from External Storage

Cloud: Installation

CLI Install Instructions

Permissions

Private Install Instructions

Public Install Instructions

Cloud: Kubernetes Guides

CREATE EXTERNAL FORMAT

CREATE EXTERNAL TABLE

CREATE TABLE

GRANT

Plan Hinting

SELECT

GROUP BY Clause

Subqueries

Data Type Casting

DECIMAL

JSON

JSONB

SQL String Constants

Aggregate Functions

Conditional Expressions

Datetime Functions

Formatting Functions

Geospatial functions

Mathematical Functions

Network Address Functions

Pattern Matching

Regular Expression Details

SQL Operators and Pattern Matching Functions

SQL Conditions

SQL User Defined Function (UDF)

SQL UDF Create Function

String Functions

ENCRYPT_KS

System Functions

Type-Safe Casting Functions

Window Functions

Creating WLM Resource Pools

Creating WLM Rules

Rule Examples

sys.external_authentication ​

sys.external_authentication