The Overall Flow of the SSO Setup

  1. In the SingleStore Helios Portal, open the ORG:your-org menu at the top and go to Organization Details.

  2. Under the Authentication tab, use the Add Identity Provider menu to create an OIDC or SAML connection.

  3. Name the connection.

  4. Save it.

  5. To continue editing the connection, select the ellipsis (three dots) under the Actions column, and select Update Connection.

  6. Navigate in your IdP UI to where you can add a client/SP.

  7. Add an authentication client (OIDC) or SP (SAML) to your IdP.

  8. Exchange data back and forth between SingleStore and your IdP. (See specific instructions for various providers).

  9. Configure the settings that are not exchanged, such as scopes, attributes, etc. (See specific instructions for various providers).

  10. Select Save in the SingleStore Helios Portal to save your work.

  11. Try the new connection with test logins: select the ellipsis (three dots) in the Actions column, and select Perform Test Login. This will test the ability to log in without actually logging you in.

  12. If the test login works, you see an error page stating that the login would have worked if the remaining problem (domain live and verified, connection activated, login started from the Portal) were solved.

  13. If the test logins do not work, debug the problem. The error message may provide a clue; if it does not, go to Debug Logins in the Actions column to see how far the login attempt got and which errors the SingleStore identity platform saw.

  14. Add a domain.

  15. Set the domain live.

  16. Save.

  17. Verify the domain by either creating a web page with the provided token or creating a DNS record with the provided token. Select View Details on the domain status to see the specific instructions.

  18. Put the IdP connection live by using Activate Connection under the Actions column.

Last modified: July 19, 2024


Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of downloaded SingleStore files: singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -

  If verification succeeds, cosign prints:

    Verified OK
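
The verification step above, wrapped as a fail-closed shell function for use in a deployment script. This is an added example, not SingleStore's own code: the issuer and identity values are copied from the command on this page, while the function name, argument order and exit codes are assumptions of the example.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around the page's cosign verify-blob command.
# Issuer and identity are copied from the page; everything else is hypothetical.

OIDC_ISSUER='https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC'
CERT_IDENTITY='https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker'

# verify_singlestore_blob SIGNED_VALUE BUNDLE_FILE
#   SIGNED_VALUE: the string the page's command feeds to cosign via `echo -n`
#   BUNDLE_FILE:  the signature file downloaded in step 2
# Exit codes (assumed for this example):
#   0 = cosign accepted the signature    1 = verification failed
#   2 = bad input                        3 = cosign not installed
verify_singlestore_blob() {
    signed_value=$1
    bundle=$2

    [ -n "$signed_value" ] || { echo "empty signed value" >&2; return 2; }
    # A missing or zero-byte bundle usually means the download failed.
    [ -s "$bundle" ] || { echo "bundle missing or empty: $bundle" >&2; return 2; }
    command -v cosign >/dev/null 2>&1 || { echo "cosign not found in PATH" >&2; return 3; }

    # printf '%s' is the portable form of `echo -n` and never treats the value
    # as an option. Pinning both the issuer and the identity means a valid
    # signature from any other signer is rejected.
    # Gate on cosign's exit status, not on the "Verified OK" text.
    if printf '%s' "$signed_value" | cosign verify-blob \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        --certificate-identity "$CERT_IDENTITY" \
        --bundle "$bundle" \
        --new-bundle-format - ; then
        return 0
    fi
    echo "signature verification FAILED; do not install this file" >&2
    return 1
}
```

Call it before any install step and stop the script on a non-zero return, so an unverified file never reaches the package manager.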