Configuring an Identity Provider - Teradata Vantage

Teradata® VantageCloud Lake

Deployment: VantageCloud
Edition: Lake
Product: Teradata Vantage
Published: January 2023
Language: English (United States)
Last Update: 2024-04-03

An identity provider stores, secures, and authenticates the digital identities of users. You can use multiple identity providers and associate each identity provider with one or more realms. A realm can be associated with only one identity provider. Examples of identity providers include Azure Active Directory, Okta, and Ping.

To add or configure an identity provider, select Environments, go to Organization, then Access Management, and then select Identity providers & realms.

VantageCloud Lake supports these identity provider types:
  • OpenID Connect
  • SAML

OpenID Connect

To use OpenID Connect, copy the following information from your corporate identity provider portal:
  • The provider URL to which authentication requests are sent
  • Your client ID and client secret
  • The authorization scheme
  • The scopes (groups of claims) your identity provider requires

VantageCloud Lake single sign-on requires the openid scope. Your corporate identity provider might require others.

You need the claims from your corporate identity provider to map to these VantageCloud Lake claims:
  • Groups
  • Given name
  • Display name
  • Family name
  • Email
  • User name

Important: Once you enter the provider URL, a redirect URI appears. You must add this redirect URI to your identity provider configuration in the identity provider portal.

SAML 2.0

Get the metadata file from your SAML identity provider portal by creating an application in the portal. Use these two values for the application:
  • Entity ID - This is your VantageCloud Lake base URL, such as the following:

    https://yourcompany.innovationlabs.teradata.com

  • Assertion Consumer Service (ACS) URL - This is your VantageCloud Lake base URL + /auth/sp/ACS.saml2, such as the following:

    https://yourcompany.innovationlabs.teradata.com/auth/sp/ACS.saml2

You also need the claims from your identity provider to map to these VantageCloud Lake claims:
  • Groups
  • Given name
  • Display name
  • Family name
  • Email
  • User name

Your SAML identity provider might require updated service provider (SP) metadata from VantageCloud Lake. If that occurs, add the provider in VantageCloud Lake, edit it, and then select Export Service Provider (SP) Metadata.
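
The following is an added example, not Teradata code: a pre-flight check that derives the Entity ID and ACS URL from the base URL as described above and compares them with an exported SP metadata file before it is uploaded to the identity provider. It assumes the exported file is standard SAML 2.0 metadata carrying those same two values; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
ACS_PATH = "/auth/sp/ACS.saml2"                 # path given on this page


def expected_sp_values(base_url):
    """Derive (Entity ID, ACS URL) from the VantageCloud Lake base URL."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("base URL must be a plain https:// URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("base URL must not carry a path, query or fragment")
    entity_id = f"https://{parts.netloc}"
    return entity_id, entity_id + ACS_PATH


def check_sp_metadata(xml_text, base_url):
    """List mismatches; assumes the SP metadata carries the page's two values."""
    entity_id, acs_url = expected_sp_values(base_url)
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return [f"root element is {root.tag}, not EntityDescriptor"]
    problems = []
    if root.get("entityID") != entity_id:
        problems.append(f"entityID {root.get('entityID')!r} != {entity_id!r}")
    locations = [acs.get("Location")
                 for acs in root.iter(MD + "AssertionConsumerService")]
    if not locations:
        problems.append("no AssertionConsumerService element")
    for loc in locations:
        if loc != acs_url:  # assertions would be posted to an unexpected endpoint
            problems.append(f"ACS Location {loc!r} != {acs_url!r}")
    return problems


# Constructed sample metadata (not exported from a real environment).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://yourcompany.innovationlabs.teradata.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://yourcompany.innovationlabs.teradata.com/auth/sp/ACS.saml2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, "https://yourcompany.innovationlabs.teradata.com/") or "OK")
```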