SSO Configuration | Identity Provider (IdP) | VantageCloud Enterprise - Configuring Single Sign-On - Teradata Vantage

Teradata® VantageCloud Enterprise
Deployment
VantageCloud
Edition
Enterprise
Product
Teradata Vantage
Release Number
2.4.3
Published
June 2022
Language
English (United States)
Last Update
2023-10-13
dita:mapPath
wec1649710665916.ditamap
dita:ditavalPath
lwe1652211139768.ditaval
dita:id
wec1649710665916
Product Category
Teradata Vantage
  • If you are a new Vantage customer, Teradata enables Single Sign-on (SSO) during provisioning.
  • If you are an existing Vantage customer, and don't yet have SSO, submit a change request to have Teradata enable it.

With SSO enabled, complete the self-service configuration steps found in Teradata Vantage™ - Analytics Database Security Administration.

Then Teradata sends you an email about completing SSO configuration using federated authentication. Complete the tasks described in the email. You will need the following information:
  • Domain
  • Provider URL
  • Claims
  1. Use the link in the email to access the Identity configuration interface.
  2. Use the link in the email to reset your password.
  3. Complete the multi-factor authentication (MFA) flow using the passcode sent to your email address.
    This is the same email address you use to log on to the Vantage Console.
  4. Select
    .
    If you don't see the icon, contact your system security or cloud administrator. Only the Day0 admin with Customer Admin or Cloud Service Owner privileges can access Identity configuration.
  5. In the Settings section, enter a unique Name for the IdP configuration.
  6. Enter the Domain of the email client, for example, mycompany.com.

    You can add multiple email domains as comma-separated values. For example, if your organization uses the email addresses xyz@mycompany.com and xyz@abc.mycompany.in, type mycompany.com, abc.mycompany.in.

    If you are a new customer using SSO, you have this multiple domain feature. If you are an existing customer using SSO, submit a change request to enable it.
  7. Use the menu to select the SSO protocol.
    Protocol Option Values
    SAML

    Identifier (Entity ID): https://login.customer.teradata.com

    Reply URL: https://login.customer.teradata.com/sp/ACS.sam12
    OpenID (OIDC) When selecting the OIDC protocol, copy the redirect URL from the Vantage Console Identity page and use it in your cloud service IdP application to complete the IdP configuration with Vantage IdP.
  8. In the Claims section, enter the following attributes to establish the user mapping.
    Field Attribute
    subject Subject mapped to the SSO protocol
    user_name Username associated with the Vantage user account
    This username is mapped to the database username.
    name Display name of the user
    firstName First name of the user
    lastName Last name of the user
    email Email of the user
  9. Select Save.
    Once SSO is configured, the Identity card is no longer visible to the Day0 user. To make future changes, the Day0 admin must log in using a non-SSO path and change the settings.