Single Sign-On (SSO)

Single Sign-On (SSO) enables users to access Collibra Platform using a web client, without having to explicitly type their login credentials (username and password).

Collibra provides support for two types of SSO. Each SSO type can be used with or without LDAP (Light-weight Directory Access Protocol), resulting in the following SSO modes:

SAML 2.0, options:
- SSO SAML with attributes sync
- SSO SAML LDAP
SSO through header information, options:
- SSO Header with Collibra Platform users
- SSO Header with LDAP sync

Tip If you want to use a custom certificate in the SSO configuration for Collibra access, see this section.

This section explains how to:

Choose the most appropriate mode of SSO.
Configure the Collibra for the SSO mode you prefer.

Note

The only supported SAML protocol version in Collibra is SAML 2.0 (urn:oasis:names:tc:SAML:2.0:protocol).
When configuring SAML, in order to obtain the SP metadata from Collibra, sign in and go to https://<your_collibra_url>/rest/2.0/security/saml.
If you want a full SP metadata, go to https://<your_collibra_url>/rest/2.0/security/saml?complete=true.
Collibra only supports assertions to come in through the HTTP-POST binding (as defined in the SP metadata file).
For more information about this subject, see the knowledge base on the Collibra Support Portal.