Set user profile dynamically from SSO

hugh

Hi Team,

I am currently exploring SSO operations in Dataiku v8.0.1. Could you please tell me if it is possible to set the user profile from Keycloak using user attribute system or something like that ? I know that I need to create a DSS user with a profile but I would like to override it using Keycloak.

Thanks,

Hugues

MehdiH

Hi @hugh

The way SSO works in DSS requires you to either use LDAP, or setup the users manually. Unfortunately, you cannot set user profiles dynamically from SSO.

You can have a look at Dataiku SSO documentation for more info

Cheers

Shib1

Hi @Mehdi
/All

Has dynamic setting of user profile from SSO been addressed with newer version of Dataiku ?

quentincastel

Hi @Shib1
,

You can't control the profile from keycloak directly but you can achieve something similar by playing the group mapping:

In keycloak

- you assign your users to groups

- you then extend a scope, like 'profile' scope, to return the user groups

In DSS

- for each of your keycloak groups, you need to create a DSS group manually, of type SSO which map to the correspond keycloak group name

- you setup OpenID and you enable group support

- In the SSO section, configure the group mapping to profile

=> this way, when a user Alice of a group 'keycloak-reader' login to DSS, DSS will map alice to the group 'dss-reader' and assign the profile reader to Alice.

Let me know if you managed to configure the suggestion above.

Quentin