Connecting to your identity provider
With Cyral, you can authenticate database users and Cyral administrators against your identity provider (IdP) or single sign-on (SSO) platform. Once set up for SSO, Cyral delegates authentication to your identity provider. When a user authenticates successfully, Cyral grants them the appropriate privileges in the data store. Privileges can be based on each user's group memberships in the identity management system by creating database user mappings or admin user mappings
SSO
To set up SSO, first connect Cyral to your identity provider by following the steps for your platform:
- Active Directory Federation Service (ADFS)
- Azure Active Directory
- ForgeRock
- G Suite
- Okta
- SAML 2.0 (for SAML-based identity providers not covered by Cyral's standard integrations)
SCIM
To set up a SCIM integration to supply user group information to Cyral, see:
- SCIM with Azure Active Directory
- SCIM with Okta
- SCIM with a SAML 2.0-compatible identity provider (for SAML-based identity providers not covered by Cyral's standard integrations)
Learn more
- After you've connected Cyral to your identity provider, see Set up SSO authentication for users for the steps to activate SSO authentication on each repository that will use it.
- Users can connect via your identity provider as explained here.
- You can set up as many identity providers (IdPs) as you need, and users can log in faster by passing Cyral an IdP hint indicating their preferred IdP.
- You can embed a Cyral login button or Cyral token button on your employee access portal to give your users fast access to the Cyral authentication tokens they need for logging into a database.