SAML Authentication and Authorization

SAML Authentication and Authorization


Add to your .env file REDASH_SAML_METADATA_URL config value which needs to point to the SAML provider metadata url, eg If you don’t want to communicate with IdP server to fetch a metadata, put a metadata file to the redash server as a local file, and add REDASH_SAML_LOCAL_METADATA_PATH instead of REDASH_SAML_METADATA_URL, eg /opt/redash/metadata.xml

And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains theserver name of the redash server for the callbacks from the SAML provider (eg

And if you want to specify nameid format, add REDASH_SAML_NAMEID_FORMAT config value, eg urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified default is urn:oasis:names:tc:SAML:2.0:nameid-format:transient

If you want to specify entityid in AuthnRequest, add REDASH_SAML_ENTITY_ID config value, eg

On the SAML provider side, example configuration for OneLogin is: SAML Consumer URL: SAML Audience: SAML Recipient:

Example configuration for Okta is: Single Sign On URL: Recipient URL: Destination URL:

with parameters ‘FirstName’ and ‘LastName’, both configured to be included in the SAML assertion.


To manage group assignments in Redash using your SAML provider, configure SAML response to include attribute with key ‘RedashGroups’, and value as names of groups in Redash.

Example configuration for Okta is: In the Group Attribute Statements - Name: RedashGroups Filter: Starts with: this-is-a-group-in-redash

results for ""

    powered by

    No results matching ""