Set user profile dynamically from SSO

hugh
hugh Registered Posts: 1 ✭✭✭

Hi Team,

I am currently exploring SSO operations in Dataiku v8.0.1. Could you please tell me if it is possible to set the user profile from Keycloak using user attribute system or something like that ? I know that I need to create a DSS user with a profile but I would like to override it using Keycloak.

Thanks,

Hugues

Answers

  • MehdiH
    MehdiH Dataiker, Dataiku DSS Core Designer, Dataiku DSS Core Concepts Posts: 21 Dataiker

    Hi @hugh

    The way SSO works in DSS requires you to either use LDAP, or setup the users manually. Unfortunately, you cannot set user profiles dynamically from SSO.

    You can have a look at Dataiku SSO documentation for more info

    Cheers

  • Shib1
    Shib1 Registered Posts: 1

    Hi @Mehdi
    /All

    Has dynamic setting of user profile from SSO been addressed with newer version of Dataiku ?

  • quentincastel
    quentincastel Dataiker, Dataiku DSS Core Designer, Registered Posts: 3 Dataiker

    Hi @Shib1
    ,

    You can't control the profile from keycloak directly but you can achieve something similar by playing the group mapping:

    In keycloak

    - you assign your users to groups

    - you then extend a scope, like 'profile' scope, to return the user groups

    In DSS

    - for each of your keycloak groups, you need to create a DSS group manually, of type SSO which map to the correspond keycloak group name

    - you setup OpenID and you enable group support

    - In the SSO section, configure the group mapping to profile

    => this way, when a user Alice of a group 'keycloak-reader' login to DSS, DSS will map alice to the group 'dss-reader' and assign the profile reader to Alice.

    Let me know if you managed to configure the suggestion above.

    Quentin

Setup Info
    Tags
      Help me…