Identity Providers
Identity providers (IdPs) are services that store and manage digital identities. An IdP authenticates users with username-password combinations and other credentials, and is typically used in cloud computing to manage user identities. Dremio supports the following IdPs:
- Enterprise identity providers, including Microsoft Entra ID, Okta, and other OpenID Connect (OIDC) providers.
- Social identity providers, including GitHub, Microsoft, and Google.
View an IdP
To view an IdP configured for Dremio:
- In the Dremio console, click in the side navigation bar and then select Organization settings.
- Select Authentication from the organization settings sidebar.
Remove an IdP
You can only remove enterprise IdPs. Social IdPs cannot be removed as they are preconfigured with Dremio.
To remove an enterprise IdP:
- Click in the side navigation bar and then select Organization settings.
- Select Authentication from the organization settings sidebar.
- Click on the row of the IdP to remove. Removing an activated IdP removes it as a login option for all users within your organization. You must manually reconfigure the IdP if you want to use it again as a login option.
- Confirm that you want to remove the IdP. The IdP is then deleted along with any associated settings.
SCIM
System for Cross-domain Identity Management (SCIM) automates the synchronization of user accounts between your identity provider (IdP) and Dremio, eliminating the need for manual user management. When configured, IdPs send the credentials of assigned users securely via SCIM to your Dremio organization, automatically creating new user accounts if needed. These new users, also referred to as external users, can then log in to Dremio according to the policies set by your credential manager.
You cannot reset or change an external user's email address or password from Dremio because these tasks are governed by your organization's credential manager. If you delete an external user from Dremio, the IdP automatically re-adds the user's account the next time that user attempts to log in. To properly revoke access to Dremio, follow the steps for Microsoft Entra ID or Okta.
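Because a user deleted only in Dremio is re-added at the next login, an access review should compare both sides. The following is an added example, not Dremio's own code: it assumes you have exported both user lists as SCIM 2.0 User resources (RFC 7643 `userName` and `active` attributes) plus a list of accounts deleted in Dremio, and all sample data and function names are constructed for illustration.

```python
import json

# Constructed sample data: SCIM 2.0 User resources (RFC 7643 core attributes).
IDP_ASSIGNED = json.loads("""[
  {"userName": "alice@example.com", "active": true},
  {"userName": "bob@example.com", "active": false},
  {"userName": "carol@example.com", "active": true}
]""")
DREMIO_USERS = json.loads("""[
  {"userName": "Alice@example.com", "active": true},
  {"userName": "bob@example.com", "active": true},
  {"userName": "dave@example.com", "active": true}
]""")
# Constructed change log: accounts an admin deleted directly in Dremio.
DELETED_IN_DREMIO = ["carol@example.com", "erin@example.com"]


def index(users):
    """Map lower-cased userName -> active flag.

    userName is case-insensitive in RFC 7643; treating a missing
    'active' attribute as True is an assumption of this example.
    """
    return {u["userName"].strip().lower(): bool(u.get("active", True)) for u in users}


def audit(idp_users, dremio_users, deleted_locally):
    """Return (userName, finding) pairs where the two sides disagree."""
    idp, dremio = index(idp_users), index(dremio_users)
    findings = []
    for name in sorted(n.strip().lower() for n in deleted_locally):
        # Deleting in Dremio alone does not revoke access: the account is
        # re-created at next login while the IdP still has the user assigned.
        if idp.get(name):
            findings.append((name, "deleted in Dremio but still active in IdP"))
    for name, active in sorted(dremio.items()):
        if not active:
            continue
        if name not in idp:
            findings.append((name, "active in Dremio, not assigned in IdP"))
        elif not idp[name]:
            findings.append((name, "active in Dremio, deactivated in IdP"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(IDP_ASSIGNED, DREMIO_USERS, DELETED_IN_DREMIO):
        print(f"{user}: {finding}")
```

An account reported as not assigned in the IdP may be a legitimate non-external user, so treat that finding as a prompt for review.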
Configure Microsoft Entra ID with SCIM
You can use Microsoft Entra ID to securely provision external users in Dremio with SCIM. See SCIM Provisioning with Microsoft Entra ID for more information and instructions.
Configure Okta with SCIM
Dremio supports the Okta SCIM provisioning feature, which allows you to automatically create Dremio user accounts if they do not already exist, update user attributes in Dremio, and deactivate user accounts, all from Okta.
Before you can configure Okta SCIM provisioning, you must configure Okta as an IdP in Dremio. Follow the instructions in Okta as an Identity Provider to integrate the Dremio application in your Okta organization and add Okta as an OpenID Connect (OIDC) IdP in Dremio.
After you configure Okta as an IdP, you can configure Okta to use SCIM for secure user provisioning.
Limits and Considerations
- To provide a consistent experience, Dremio uses rate limits for SCIM provisioning requests. For more information, see Limits.
- Dremio allows one update to a user or group at a time. While the update is in progress, Dremio locks the user or group and rejects concurrent requests to update the same user or group.