Authentication settings are available in the
Only admins can view and change authentication settings.
There are 3 authentication related settings here:
- Enable/disable password based login.
- Google SSO: add Google Apps based domains to allow login from. Any user with a Google account from these domain(s) will be able to login. If they don’t have an account yet, an account will be automatically created.
- Enable/disable SAML support.
Once you enable SAML, additional settings will appear:
- Only SAML Metadata URL is required to make SAML authentication work. You can get this URL from your SAML provider like OneLogin.
- Set up Redash callback URL in your SAML provider:
https://app.redash.io/<your-company> for OneLogin
By default any user created with SAML/SSO will join the default group. It’s possible to configure the SAML provider to pass what groups the user should join by setting the
RedashGroups parameter. If you use OneLogin’s predefined Redash application, it will always pass this parameter, meaning that even for existing users, it will override their current groups memberships. Hence you need to make sure it’s up to date.
Edit on GitHub