Identity Provider Connections

On this page

An Identity Provider Connection represents a connection between SingleStore Helios’s identity system and the customer's Identity Provider (IdP).

An organization may have zero or more Identity Provider Connections. They are found in the Organization menu under Authentication which is next to Settings.

Connections can be active or inactive.

Connections can be modified, copied and deleted.

Each connection has an identifier and its own URL paths that need to be configured with the customer’s Identity Provider to make the connection work.

The process of establishing a connection involves exchanging information between the SingleStore Helios’s identity system and the customer IdP.

Both OIDC 1.0 and SAML 2.0 connections are supported.


Each IDP connection is also configured with one or more domain names. The domain names control which authentication requests will be routed to the IdP connection.

A domain can be “live” or not live, on a per-IdP connection basis. Setting a domain “live” in one connection will make it not "live" in all other connections.

A domain can be verified or not verified. Verification is the process of proving that you (the customer) own (or at least control) the domain. To verify a domain, you need to do one of the following:

  • Create a DNS TXT record with the token as specified in the UI.

  • Create a web page with the token as specified in the UI.

Once a domain is verified, it remains verified.

Sub-domains of a verified domain will be verified semi-automatically (click Verify).

An IdP connection cannot be activated without having at least one live and verified domain.


One of the per-domain settings controls whether non-SSO login using an email address matching that domain is allowed.  If “Require SSO” is true, then you cannot log into the SingleStore Helios Portal using an email address that matches that domain unless using SSO.

A list of email addresses of the form, username@domain or just username can bypass the per-domain SSO required setting and log in through the keycloak as shown in the sample screenshot below:

Last modified: January 29, 2024

Was this article helpful?