This describes functionality only available in Dremio v18.X and later.
Okta is an identity management application that may be integrated with Dremio via SCIM. Once configured, administrators may select authorized users in Okta, which are then automatically created in Dremio. Their username and password must be set and managed from Okta.
System for Cross-domain Identity Management (SCIM) is the standard used to link systems like Okta to Dremio for user provisioning. When configured, Okta securely sends the credentials of assigned users through SCIM to your Dremio server, which creates user accounts with passwords. These new users may then log in on Dremio using their previously assigned Okta credentials.
You cannot reset or change an external user’s password from Dremio, as this is governed by your organization’s identity manager.
If you delete an external user from Dremio, Okta will re-add their account the next time that user attempts to log in. To properly revoke access to Dremio, follow these steps.
The following configurations must be utilized:
The following sections outline the process of setting up Okta to communicate with Dremio through SCIM. The process is divided into sections, which should be completed in the order given.
SCIM 2.0 Test App (Header Auth) and then click Add from the app’s page.
The following types of API tokens may be used:
To obtain either of these tokens, please refer to the Personal Access Tokens help page.
Once you’ve obtained a token, complete the following steps:
bearer (including a space after the word) and then paste the token.
was verified successfully!
SCIM is fully configured, which means users added from Okta will now be automatically created in Dremio.
Only users or groups granted access via the SCIM app will have an account automatically created in Dremio.
To assign or grant users access to Dremio, perform the following steps:
That user is now granted access to Dremio and an account is automatically created in the application. They may log in on Dremio immediately and administrators may view their account from the Users screen.
To assign or grant groups of users access to Dremio, perform the following steps:
All users associated with the group will be synchronized in Dremio. The group will also synchronize with Dremio as a role with all group members assigned to the role.
Users associated with the group may log in on Dremio immediately and administrators may view their account from the Users screen.
We recommend assigning privileges to manage role members' access to objects in Dremio.
If you wish to revoke access to Dremio for specific users or groups, complete these steps.
The deleted user(s) may no longer log in on Dremio; however, this does not delete their account from Dremio.
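Because revoked users keep their Dremio account, a periodic reconciliation helps find accounts that are no longer assigned in Okta. The following is an added example, not part of the original Dremio documentation. It assumes you have an export of Dremio users as a SCIM 2.0 `ListResponse` and a list of usernames assigned to the SCIM app; how these are exported is not covered here, and both samples below are constructed.

```python
import json

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample: SCIM 2.0 ListResponse of User resources, standing in
# for an export of the accounts that currently exist in Dremio (assumption).
DREMIO_USERS_JSON = """
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 4,
  "Resources": [
    {"userName": "alice@example.com", "active": true},
    {"userName": "Bob@Example.com", "active": true},
    {"userName": "carol@example.com", "active": false},
    {"userName": "dave@example.com"}
  ]
}
"""

# Constructed sample: usernames currently assigned to the SCIM app in Okta.
OKTA_ASSIGNED = ["alice@example.com", "bob@example.com"]


def stale_accounts(list_response_json, assigned_usernames):
    """Return exported accounts that are no longer assigned in Okta.

    userName is compared case-insensitively, as RFC 7643 defines it
    with caseExact=false.
    """
    doc = json.loads(list_response_json)
    if LIST_RESPONSE not in doc.get("schemas", []):
        raise ValueError("input is not a SCIM 2.0 ListResponse")
    assigned = {name.strip().lower() for name in assigned_usernames}
    stale = []
    for resource in doc.get("Resources", []):
        name = resource.get("userName")
        if not name:
            raise ValueError("User resource without required userName")
        if name.strip().lower() not in assigned:
            # 'active' is optional in SCIM; None means it was not exported.
            stale.append({"userName": name, "active": resource.get("active")})
    return sorted(stale, key=lambda r: r["userName"].lower())


if __name__ == "__main__":
    for acct in stale_accounts(DREMIO_USERS_JSON, OKTA_ASSIGNED):
        print(f"review: {acct['userName']} (active={acct['active']})")
```

Accounts it reports are candidates for review: check the privileges and role memberships they still hold in Dremio.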